projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Pass desired connection role to hci_connect_le()
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
4b34ee78
JH		 132#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
133 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
134
eec8d2bc
JH		 135struct pending_cmd {
136 struct list_head list;
fc2f4b13 137 u16 opcode;
eec8d2bc 138 int index;
c68fb7ff 139 void *param;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
69ab39ea 556 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 558
ed3fa31f 559 if (lmp_bredr_capable(hdev)) {
33c525c0 560 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 561 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
562 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 563 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 580 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 581 }
69ab39ea 582
eb1904f4
MH		 583 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
584 hdev->set_bdaddr)
9fc3bfb6
MH		 585 settings |= MGMT_SETTING_CONFIGURATION;
586
69ab39ea
JH		 587 return settings;
588}
589
590static u32 get_current_settings(struct hci_dev *hdev)
591{
592 u32 settings = 0;
593
f1f0eb02 594 if (hdev_is_powered(hdev))
f0d4b78a
MH		 595 settings |= MGMT_SETTING_POWERED;
596
5e5282bb 597 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599
1a4d3c4b
JH		 600 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_FAST_CONNECTABLE;
602
5e5282bb 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_DISCOVERABLE;
605
a8b2d5c2 606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_PAIRABLE;
608
56f87901 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_BREDR;
611
06199cf8 612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LE;
614
47990ea0 615 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_LINK_SECURITY;
617
84bde9d6 618 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_SSP;
620
6d80dfd0
JH		 621 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
622 settings |= MGMT_SETTING_HS;
623
f3d3444a 624 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 625 settings |= MGMT_SETTING_ADVERTISING;
626
e98d2ce2
MH		 627 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_SECURE_CONN;
629
0663b297 630 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 631 settings |= MGMT_SETTING_DEBUG_KEYS;
632
0f4bd942
JH		 633 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
634 settings |= MGMT_SETTING_PRIVACY;
635
69ab39ea
JH		 636 return settings;
637}
638
ef580372
JH		 639#define PNP_INFO_SVCLASS_ID 0x1200
640
213202ed
JH		 641static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
642{
643 u8 *ptr = data, *uuids_start = NULL;
644 struct bt_uuid *uuid;
645
646 if (len < 4)
647 return ptr;
648
649 list_for_each_entry(uuid, &hdev->uuids, list) {
650 u16 uuid16;
651
652 if (uuid->size != 16)
653 continue;
654
655 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 < 0x1100)
657 continue;
658
659 if (uuid16 == PNP_INFO_SVCLASS_ID)
660 continue;
661
662 if (!uuids_start) {
663 uuids_start = ptr;
664 uuids_start[0] = 1;
665 uuids_start[1] = EIR_UUID16_ALL;
666 ptr += 2;
667 }
668
669 /* Stop if not enough space to put next UUID */
670 if ((ptr - data) + sizeof(u16) > len) {
671 uuids_start[1] = EIR_UUID16_SOME;
672 break;
673 }
674
675 *ptr++ = (uuid16 & 0x00ff);
676 *ptr++ = (uuid16 & 0xff00) >> 8;
677 uuids_start[0] += sizeof(uuid16);
678 }
679
680 return ptr;
681}
682
cdf1963f
JH		 683static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
684{
685 u8 *ptr = data, *uuids_start = NULL;
686 struct bt_uuid *uuid;
687
688 if (len < 6)
689 return ptr;
690
691 list_for_each_entry(uuid, &hdev->uuids, list) {
692 if (uuid->size != 32)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID32_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u32) > len) {
704 uuids_start[1] = EIR_UUID32_SOME;
705 break;
706 }
707
708 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
709 ptr += sizeof(u32);
710 uuids_start[0] += sizeof(u32);
711 }
712
713 return ptr;
714}
715
c00d575b
JH		 716static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 18)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 128)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID128_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + 16 > len) {
737 uuids_start[1] = EIR_UUID128_SOME;
738 break;
739 }
740
741 memcpy(ptr, uuid->uuid, 16);
742 ptr += 16;
743 uuids_start[0] += 16;
744 }
745
746 return ptr;
747}
748
eb2a8d20
JH		 749static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
750{
751 struct pending_cmd *cmd;
752
753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
754 if (cmd->opcode == opcode)
755 return cmd;
756 }
757
758 return NULL;
759}
760
95868426
JH		 761static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
762 struct hci_dev *hdev,
763 const void *data)
764{
765 struct pending_cmd *cmd;
766
767 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
768 if (cmd->user_data != data)
769 continue;
770 if (cmd->opcode == opcode)
771 return cmd;
772 }
773
774 return NULL;
775}
776
f14d8f64
MH		 777static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
778{
7a5f4990
MH		 779 u8 ad_len = 0;
780 size_t name_len;
781
782 name_len = strlen(hdev->dev_name);
783 if (name_len > 0) {
784 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
785
786 if (name_len > max_len) {
787 name_len = max_len;
788 ptr[1] = EIR_NAME_SHORT;
789 } else
790 ptr[1] = EIR_NAME_COMPLETE;
791
792 ptr[0] = name_len + 1;
793
794 memcpy(ptr + 2, hdev->dev_name, name_len);
795
796 ad_len += (name_len + 2);
797 ptr += (name_len + 2);
798 }
799
800 return ad_len;
f14d8f64
MH		 801}
802
803static void update_scan_rsp_data(struct hci_request *req)
804{
805 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_scan_rsp_data cp;
807 u8 len;
808
7751ef1b 809 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 810 return;
811
812 memset(&cp, 0, sizeof(cp));
813
814 len = create_scan_rsp_data(hdev, cp.data);
815
eb438b5f
JH		 816 if (hdev->scan_rsp_data_len == len &&
817 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 818 return;
819
eb438b5f
JH		 820 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
821 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 822
823 cp.length = len;
824
825 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
826}
827
9a43e25f
JH		 828static u8 get_adv_discov_flags(struct hci_dev *hdev)
829{
830 struct pending_cmd *cmd;
831
832 /* If there's a pending mgmt command the flags will not yet have
833 * their final values, so check for this first.
834 */
835 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
836 if (cmd) {
837 struct mgmt_mode *cp = cmd->param;
838 if (cp->val == 0x01)
839 return LE_AD_GENERAL;
840 else if (cp->val == 0x02)
841 return LE_AD_LIMITED;
842 } else {
843 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_LIMITED;
845 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_GENERAL;
847 }
848
849 return 0;
850}
851
46cad2ed 852static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 853{
854 u8 ad_len = 0, flags = 0;
441ad2d0 855
9a43e25f 856 flags |= get_adv_discov_flags(hdev);
441ad2d0 857
e834004b 858 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 859 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 860
861 if (flags) {
862 BT_DBG("adv flags 0x%02x", flags);
863
864 ptr[0] = 2;
865 ptr[1] = EIR_FLAGS;
866 ptr[2] = flags;
867
868 ad_len += 3;
869 ptr += 3;
870 }
871
872 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
873 ptr[0] = 2;
874 ptr[1] = EIR_TX_POWER;
875 ptr[2] = (u8) hdev->adv_tx_power;
876
877 ad_len += 3;
878 ptr += 3;
879 }
880
441ad2d0
MH		 881 return ad_len;
882}
883
5947f4bc 884static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 885{
886 struct hci_dev *hdev = req->hdev;
887 struct hci_cp_le_set_adv_data cp;
888 u8 len;
889
10994ce6 890 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 891 return;
892
893 memset(&cp, 0, sizeof(cp));
894
46cad2ed 895 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 896
897 if (hdev->adv_data_len == len &&
898 memcmp(cp.data, hdev->adv_data, len) == 0)
899 return;
900
901 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
902 hdev->adv_data_len = len;
903
904 cp.length = len;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
907}
908
ef580372
JH		 909static void create_eir(struct hci_dev *hdev, u8 *data)
910{
911 u8 *ptr = data;
ef580372
JH		 912 size_t name_len;
913
914 name_len = strlen(hdev->dev_name);
915
916 if (name_len > 0) {
917 /* EIR Data type */
918 if (name_len > 48) {
919 name_len = 48;
920 ptr[1] = EIR_NAME_SHORT;
921 } else
922 ptr[1] = EIR_NAME_COMPLETE;
923
924 /* EIR Data length */
925 ptr[0] = name_len + 1;
926
927 memcpy(ptr + 2, hdev->dev_name, name_len);
928
ef580372
JH		 929 ptr += (name_len + 2);
930 }
931
bbaf444a 932 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 933 ptr[0] = 2;
934 ptr[1] = EIR_TX_POWER;
935 ptr[2] = (u8) hdev->inq_tx_power;
936
91c4e9b1
MH		 937 ptr += 3;
938 }
939
2b9be137
MH		 940 if (hdev->devid_source > 0) {
941 ptr[0] = 9;
942 ptr[1] = EIR_DEVICE_ID;
943
944 put_unaligned_le16(hdev->devid_source, ptr + 2);
945 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
946 put_unaligned_le16(hdev->devid_product, ptr + 6);
947 put_unaligned_le16(hdev->devid_version, ptr + 8);
948
2b9be137
MH		 949 ptr += 10;
950 }
951
213202ed 952 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 953 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 954 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 955}
956
890ea898 957static void update_eir(struct hci_request *req)
ef580372 958{
890ea898 959 struct hci_dev *hdev = req->hdev;
ef580372
JH		 960 struct hci_cp_write_eir cp;
961
504c8dcd 962 if (!hdev_is_powered(hdev))
890ea898 963 return;
7770c4aa 964
976eb20e 965 if (!lmp_ext_inq_capable(hdev))
890ea898 966 return;
ef580372 967
84bde9d6 968 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 969 return;
ef580372 970
a8b2d5c2 971 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 972 return;
ef580372
JH		 973
974 memset(&cp, 0, sizeof(cp));
975
976 create_eir(hdev, cp.data);
977
978 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 979 return;
ef580372
JH		 980
981 memcpy(hdev->eir, cp.data, sizeof(cp.data));
982
890ea898 983 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 984}
985
986static u8 get_service_classes(struct hci_dev *hdev)
987{
988 struct bt_uuid *uuid;
989 u8 val = 0;
990
991 list_for_each_entry(uuid, &hdev->uuids, list)
992 val |= uuid->svc_hint;
993
994 return val;
995}
996
890ea898 997static void update_class(struct hci_request *req)
ef580372 998{
890ea898 999 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1000 u8 cod[3];
1001
1002 BT_DBG("%s", hdev->name);
1003
504c8dcd 1004 if (!hdev_is_powered(hdev))
890ea898 1005 return;
7770c4aa 1006
f87ea1da
JH		 1007 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1008 return;
1009
a8b2d5c2 1010 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1011 return;
ef580372
JH		 1012
1013 cod[0] = hdev->minor_class;
1014 cod[1] = hdev->major_class;
1015 cod[2] = get_service_classes(hdev);
1016
6acd7db4
MH		 1017 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1018 cod[1] |= 0x20;
1019
ef580372 1020 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1021 return;
ef580372 1022
890ea898 1023 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1024}
1025
a4858cb9 1026static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1027{
1028 struct pending_cmd *cmd;
199a2fb1
JH		 1029
1030 /* If there's a pending mgmt command the flag will not yet have
1031 * it's final value, so check for this first.
1032 */
1033 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1034 if (cmd) {
1035 struct mgmt_mode *cp = cmd->param;
a4858cb9 1036 return cp->val;
199a2fb1
JH		 1037 }
1038
a4858cb9 1039 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1040}
1041
1042static void enable_advertising(struct hci_request *req)
1043{
1044 struct hci_dev *hdev = req->hdev;
1045 struct hci_cp_le_set_adv_param cp;
8f2a0601 1046 u8 own_addr_type, enable = 0x01;
a4858cb9 1047 bool connectable;
199a2fb1 1048
8d97250e
JH		 1049 /* Clear the HCI_ADVERTISING bit temporarily so that the
1050 * hci_update_random_address knows that it's safe to go ahead
1051 * and write a new random address. The flag will be set back on
1052 * as soon as the SET_ADV_ENABLE HCI command completes.
1053 */
1054 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1055
a4858cb9 1056 connectable = get_connectable(hdev);
8f2a0601 1057
a4858cb9
JH		 1058 /* Set require_privacy to true only when non-connectable
1059 * advertising is used. In that case it is fine to use a
1060 * non-resolvable private address.
1061 */
1062 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1063 return;
1064
41c90c18 1065 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1066 cp.min_interval = cpu_to_le16(0x0800);
1067 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1068 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1069 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1070 cp.channel_map = hdev->le_adv_channel_map;
1071
1072 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1073
1074 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1075}
1076
1077static void disable_advertising(struct hci_request *req)
1078{
1079 u8 enable = 0x00;
1080
1081 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1082}
1083
7d78525d
JH		 1084static void service_cache_off(struct work_struct *work)
1085{
1086 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1087 service_cache.work);
890ea898 1088 struct hci_request req;
7d78525d 1089
a8b2d5c2 1090 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1091 return;
1092
890ea898
JH		 1093 hci_req_init(&req, hdev);
1094
7d78525d
JH		 1095 hci_dev_lock(hdev);
1096
890ea898
JH		 1097 update_eir(&req);
1098 update_class(&req);
7d78525d
JH		 1099
1100 hci_dev_unlock(hdev);
890ea898
JH		 1101
1102 hci_req_run(&req, NULL);
7d78525d
JH		 1103}
1104
d6bfd59c
JH		 1105static void rpa_expired(struct work_struct *work)
1106{
1107 struct hci_dev *hdev = container_of(work, struct hci_dev,
1108 rpa_expired.work);
1109 struct hci_request req;
1110
1111 BT_DBG("");
1112
1113 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1114
1115 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
1116 hci_conn_num(hdev, LE_LINK) > 0)
1117 return;
1118
1119 /* The generation of a new RPA and programming it into the
1120 * controller happens in the enable_advertising() function.
1121 */
1122
1123 hci_req_init(&req, hdev);
1124
1125 disable_advertising(&req);
1126 enable_advertising(&req);
1127
1128 hci_req_run(&req, NULL);
1129}
1130
6a919082 1131static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1132{
4f87da80 1133 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1134 return;
1135
4f87da80 1136 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1137 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1138
4f87da80
JH		 1139 /* Non-mgmt controlled devices get this bit set
1140 * implicitly so that pairing works for them, however
1141 * for mgmt we require user-space to explicitly enable
1142 * it
1143 */
1144 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1145}
1146
0f4e68cf 1147static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1148 void *data, u16 data_len)
0381101f 1149{
a38528f1 1150 struct mgmt_rp_read_info rp;
f7b64e69 1151
bdb6d971 1152 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1153
09fd0de5 1154 hci_dev_lock(hdev);
f7b64e69 1155
dc4fe30b
JH		 1156 memset(&rp, 0, sizeof(rp));
1157
69ab39ea 1158 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1159
69ab39ea 1160 rp.version = hdev->hci_ver;
eb55ef07 1161 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1162
1163 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1164 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1165
a38528f1 1166 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1167
dc4fe30b 1168 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1169 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1170
09fd0de5 1171 hci_dev_unlock(hdev);
0381101f 1172
bdb6d971 1173 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1174 sizeof(rp));
0381101f
JH		 1175}
1176
eec8d2bc
JH		 1177static void mgmt_pending_free(struct pending_cmd *cmd)
1178{
1179 sock_put(cmd->sk);
c68fb7ff 1180 kfree(cmd->param);
eec8d2bc
JH		 1181 kfree(cmd);
1182}
1183
366a0336 1184static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1185 struct hci_dev *hdev, void *data,
1186 u16 len)
eec8d2bc
JH		 1187{
1188 struct pending_cmd *cmd;
1189
fca20018 1190 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1191 if (!cmd)
366a0336 1192 return NULL;
eec8d2bc
JH		 1193
1194 cmd->opcode = opcode;
2e58ef3e 1195 cmd->index = hdev->id;
eec8d2bc 1196
12b94565 1197 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1198 if (!cmd->param) {
eec8d2bc 1199 kfree(cmd);
366a0336 1200 return NULL;
eec8d2bc
JH		 1201 }
1202
8fce6357
SJ		 1203 if (data)
1204 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1205
1206 cmd->sk = sk;
1207 sock_hold(sk);
1208
2e58ef3e 1209 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1210
366a0336 1211 return cmd;
eec8d2bc
JH		 1212}
1213
744cf19e 1214static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1215 void (*cb)(struct pending_cmd *cmd,
1216 void *data),
04124681 1217 void *data)
eec8d2bc 1218{
a3d09356 1219 struct pending_cmd *cmd, *tmp;
eec8d2bc 1220
a3d09356 1221 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1222 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1223 continue;
1224
eec8d2bc
JH		 1225 cb(cmd, data);
1226 }
1227}
1228
a664b5bc 1229static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1230{
73f22f62
JH		 1231 list_del(&cmd->list);
1232 mgmt_pending_free(cmd);
1233}
1234
69ab39ea 1235static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1236{
69ab39ea 1237 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1238
aee9b218 1239 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1240 sizeof(settings));
8680570b
JH		 1241}
1242
8b064a3a
JH		 1243static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1244{
1245 BT_DBG("%s status 0x%02x", hdev->name, status);
1246
a3172b7e
JH		 1247 if (hci_conn_count(hdev) == 0) {
1248 cancel_delayed_work(&hdev->power_off);
8b064a3a 1249 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1250 }
8b064a3a
JH		 1251}
1252
21a60d30
JH		 1253static void hci_stop_discovery(struct hci_request *req)
1254{
1255 struct hci_dev *hdev = req->hdev;
1256 struct hci_cp_remote_name_req_cancel cp;
1257 struct inquiry_entry *e;
1258
1259 switch (hdev->discovery.state) {
1260 case DISCOVERY_FINDING:
1261 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1262 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1263 } else {
1264 cancel_delayed_work(&hdev->le_scan_disable);
1265 hci_req_add_le_scan_disable(req);
1266 }
1267
1268 break;
1269
1270 case DISCOVERY_RESOLVING:
1271 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1272 NAME_PENDING);
1273 if (!e)
1274 return;
1275
1276 bacpy(&cp.bdaddr, &e->data.bdaddr);
1277 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1278 &cp);
1279
1280 break;
1281
1282 default:
1283 /* Passive scanning */
1284 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1285 hci_req_add_le_scan_disable(req);
1286 break;
1287 }
1288}
1289
8b064a3a
JH		 1290static int clean_up_hci_state(struct hci_dev *hdev)
1291{
1292 struct hci_request req;
1293 struct hci_conn *conn;
1294
1295 hci_req_init(&req, hdev);
1296
1297 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1298 test_bit(HCI_PSCAN, &hdev->flags)) {
1299 u8 scan = 0x00;
1300 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1301 }
1302
1303 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1304 disable_advertising(&req);
1305
f8680f12 1306 hci_stop_discovery(&req);
8b064a3a
JH		 1307
1308 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1309 struct hci_cp_disconnect dc;
c9910d0f
JH		 1310 struct hci_cp_reject_conn_req rej;
1311
1312 switch (conn->state) {
1313 case BT_CONNECTED:
1314 case BT_CONFIG:
1315 dc.handle = cpu_to_le16(conn->handle);
1316 dc.reason = 0x15; /* Terminated due to Power Off */
1317 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1318 break;
1319 case BT_CONNECT:
1320 if (conn->type == LE_LINK)
1321 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1322 0, NULL);
1323 else if (conn->type == ACL_LINK)
1324 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1325 6, &conn->dst);
1326 break;
1327 case BT_CONNECT2:
1328 bacpy(&rej.bdaddr, &conn->dst);
1329 rej.reason = 0x15; /* Terminated due to Power Off */
1330 if (conn->type == ACL_LINK)
1331 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1332 sizeof(rej), &rej);
1333 else if (conn->type == SCO_LINK)
1334 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1335 sizeof(rej), &rej);
1336 break;
1337 }
8b064a3a
JH		 1338 }
1339
1340 return hci_req_run(&req, clean_up_hci_complete);
1341}
1342
bdb6d971 1343static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1344 u16 len)
eec8d2bc 1345{
650f726d 1346 struct mgmt_mode *cp = data;
366a0336 1347 struct pending_cmd *cmd;
4b34ee78 1348 int err;
eec8d2bc 1349
bdb6d971 1350 BT_DBG("request for %s", hdev->name);
eec8d2bc 1351
a7e80f25
JH		 1352 if (cp->val != 0x00 && cp->val != 0x01)
1353 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1354 MGMT_STATUS_INVALID_PARAMS);
1355
09fd0de5 1356 hci_dev_lock(hdev);
eec8d2bc 1357
87b95ba6
JH		 1358 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1359 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1360 MGMT_STATUS_BUSY);
1361 goto failed;
1362 }
1363
f0d4b78a
MH		 1364 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1365 cancel_delayed_work(&hdev->power_off);
1366
1367 if (cp->val) {
a1d70450
JH		 1368 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1369 data, len);
1370 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1371 goto failed;
1372 }
1373 }
1374
4b34ee78 1375 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1376 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1377 goto failed;
1378 }
1379
2e58ef3e 1380 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1381 if (!cmd) {
1382 err = -ENOMEM;
eec8d2bc 1383 goto failed;
366a0336 1384 }
eec8d2bc 1385
8b064a3a 1386 if (cp->val) {
19202573 1387 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1388 err = 0;
1389 } else {
1390 /* Disconnect connections, stop scans, etc */
1391 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1392 if (!err)
1393 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1394 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1395
8b064a3a
JH		 1396 /* ENODATA means there were no HCI commands queued */
1397 if (err == -ENODATA) {
a3172b7e 1398 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1399 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1400 err = 0;
1401 }
1402 }
eec8d2bc
JH		 1403
1404failed:
09fd0de5 1405 hci_dev_unlock(hdev);
366a0336 1406 return err;
eec8d2bc
JH		 1407}
1408
beadb2bd
JH		 1409static int new_settings(struct hci_dev *hdev, struct sock *skip)
1410{
1411 __le32 ev;
1412
1413 ev = cpu_to_le32(get_current_settings(hdev));
1414
1415 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1416}
1417
bd99abdd
JH		 1418struct cmd_lookup {
1419 struct sock *sk;
1420 struct hci_dev *hdev;
1421 u8 mgmt_status;
1422};
1423
1424static void settings_rsp(struct pending_cmd *cmd, void *data)
1425{
1426 struct cmd_lookup *match = data;
1427
1428 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1429
1430 list_del(&cmd->list);
1431
1432 if (match->sk == NULL) {
1433 match->sk = cmd->sk;
1434 sock_hold(match->sk);
1435 }
1436
1437 mgmt_pending_free(cmd);
1438}
1439
1440static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1441{
1442 u8 *status = data;
1443
1444 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1445 mgmt_pending_remove(cmd);
1446}
1447
e6fe7986
JH		 1448static u8 mgmt_bredr_support(struct hci_dev *hdev)
1449{
1450 if (!lmp_bredr_capable(hdev))
1451 return MGMT_STATUS_NOT_SUPPORTED;
1452 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1453 return MGMT_STATUS_REJECTED;
1454 else
1455 return MGMT_STATUS_SUCCESS;
1456}
1457
1458static u8 mgmt_le_support(struct hci_dev *hdev)
1459{
1460 if (!lmp_le_capable(hdev))
1461 return MGMT_STATUS_NOT_SUPPORTED;
1462 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1463 return MGMT_STATUS_REJECTED;
1464 else
1465 return MGMT_STATUS_SUCCESS;
1466}
1467
bfaf8c9f
JH		 1468static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1469{
1470 struct pending_cmd *cmd;
1471 struct mgmt_mode *cp;
970ba524 1472 struct hci_request req;
bfaf8c9f
JH		 1473 bool changed;
1474
1475 BT_DBG("status 0x%02x", status);
1476
1477 hci_dev_lock(hdev);
1478
1479 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1480 if (!cmd)
1481 goto unlock;
1482
1483 if (status) {
1484 u8 mgmt_err = mgmt_status(status);
1485 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1486 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1487 goto remove_cmd;
1488 }
1489
1490 cp = cmd->param;
d4462a07 1491 if (cp->val) {
bfaf8c9f
JH		 1492 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1493 &hdev->dev_flags);
d4462a07
MH		 1494
1495 if (hdev->discov_timeout > 0) {
1496 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1497 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1498 to);
1499 }
1500 } else {
bfaf8c9f
JH		 1501 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1502 &hdev->dev_flags);
d4462a07 1503 }
bfaf8c9f
JH		 1504
1505 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1506
1507 if (changed)
1508 new_settings(hdev, cmd->sk);
1509
970ba524
MH		 1510 /* When the discoverable mode gets changed, make sure
1511 * that class of device has the limited discoverable
1512 * bit correctly set.
1513 */
1514 hci_req_init(&req, hdev);
1515 update_class(&req);
1516 hci_req_run(&req, NULL);
1517
bfaf8c9f
JH		 1518remove_cmd:
1519 mgmt_pending_remove(cmd);
1520
1521unlock:
1522 hci_dev_unlock(hdev);
1523}
1524
bdb6d971 1525static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1526 u16 len)
73f22f62 1527{
650f726d 1528 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1529 struct pending_cmd *cmd;
bfaf8c9f 1530 struct hci_request req;
5e5282bb 1531 u16 timeout;
9a43e25f 1532 u8 scan;
73f22f62
JH		 1533 int err;
1534
bdb6d971 1535 BT_DBG("request for %s", hdev->name);
73f22f62 1536
9a43e25f
JH		 1537 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1538 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1539 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1540 MGMT_STATUS_REJECTED);
33c525c0 1541
310a3d48 1542 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1543 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1544 MGMT_STATUS_INVALID_PARAMS);
1545
1f350c87 1546 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1547
1548 /* Disabling discoverable requires that no timeout is set,
1549 * and enabling limited discoverable requires a timeout.
1550 */
1551 if ((cp->val == 0x00 && timeout > 0) ||
1552 (cp->val == 0x02 && timeout == 0))
bdb6d971 1553 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1554 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1555
09fd0de5 1556 hci_dev_lock(hdev);
73f22f62 1557
5e5282bb 1558 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1559 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1560 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1561 goto failed;
1562 }
1563
2e58ef3e 1564 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1565 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1566 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1567 MGMT_STATUS_BUSY);
73f22f62
JH		 1568 goto failed;
1569 }
1570
5e5282bb 1571 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1572 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1573 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1574 goto failed;
1575 }
1576
1577 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1578 bool changed = false;
1579
310a3d48
MH		 1580 /* Setting limited discoverable when powered off is
1581 * not a valid operation since it requires a timeout
1582 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1583 */
0224d2fa
JH		 1584 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1585 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1586 changed = true;
1587 }
1588
5e5282bb 1589 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1590 if (err < 0)
1591 goto failed;
1592
1593 if (changed)
1594 err = new_settings(hdev, sk);
1595
5e5282bb
JH		 1596 goto failed;
1597 }
1598
310a3d48
MH		 1599 /* If the current mode is the same, then just update the timeout
1600 * value with the new value. And if only the timeout gets updated,
1601 * then no need for any HCI transactions.
1602 */
1603 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1604 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1605 &hdev->dev_flags)) {
36261547
MH		 1606 cancel_delayed_work(&hdev->discov_off);
1607 hdev->discov_timeout = timeout;
955638ec 1608
36261547
MH		 1609 if (cp->val && hdev->discov_timeout > 0) {
1610 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1611 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1612 to);
955638ec
MH		 1613 }
1614
69ab39ea 1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1616 goto failed;
1617 }
1618
2e58ef3e 1619 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1620 if (!cmd) {
1621 err = -ENOMEM;
73f22f62 1622 goto failed;
366a0336 1623 }
73f22f62 1624
310a3d48
MH		 1625 /* Cancel any potential discoverable timeout that might be
1626 * still active and store new timeout value. The arming of
1627 * the timeout happens in the complete handler.
1628 */
1629 cancel_delayed_work(&hdev->discov_off);
1630 hdev->discov_timeout = timeout;
1631
b456f87c
JH		 1632 /* Limited discoverable mode */
1633 if (cp->val == 0x02)
1634 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1635 else
1636 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1637
bfaf8c9f
JH		 1638 hci_req_init(&req, hdev);
1639
9a43e25f
JH		 1640 /* The procedure for LE-only controllers is much simpler - just
1641 * update the advertising data.
1642 */
1643 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1644 goto update_ad;
1645
73f22f62
JH		 1646 scan = SCAN_PAGE;
1647
310a3d48
MH		 1648 if (cp->val) {
1649 struct hci_cp_write_current_iac_lap hci_cp;
1650
1651 if (cp->val == 0x02) {
1652 /* Limited discoverable mode */
33337dcb 1653 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1654 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1655 hci_cp.iac_lap[1] = 0x8b;
1656 hci_cp.iac_lap[2] = 0x9e;
1657 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1658 hci_cp.iac_lap[4] = 0x8b;
1659 hci_cp.iac_lap[5] = 0x9e;
1660 } else {
1661 /* General discoverable mode */
310a3d48
MH		 1662 hci_cp.num_iac = 1;
1663 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1664 hci_cp.iac_lap[1] = 0x8b;
1665 hci_cp.iac_lap[2] = 0x9e;
1666 }
1667
1668 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1669 (hci_cp.num_iac * 3) + 1, &hci_cp);
1670
73f22f62 1671 scan |= SCAN_INQUIRY;
310a3d48
MH		 1672 } else {
1673 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1674 }
73f22f62 1675
310a3d48 1676 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1677
9a43e25f
JH		 1678update_ad:
1679 update_adv_data(&req);
1680
bfaf8c9f 1681 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1682 if (err < 0)
a664b5bc 1683 mgmt_pending_remove(cmd);
73f22f62
JH		 1684
1685failed:
09fd0de5 1686 hci_dev_unlock(hdev);
73f22f62
JH		 1687 return err;
1688}
1689
406d7804
JH		 1690static void write_fast_connectable(struct hci_request *req, bool enable)
1691{
bd98b996 1692 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1693 struct hci_cp_write_page_scan_activity acp;
1694 u8 type;
1695
547003b1
JH		 1696 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1697 return;
1698
4c01f8b8
JH		 1699 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1700 return;
1701
406d7804
JH		 1702 if (enable) {
1703 type = PAGE_SCAN_TYPE_INTERLACED;
1704
1705 /* 160 msec page scan interval */
dcf4adbf 1706 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1707 } else {
1708 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1709
1710 /* default 1.28 sec page scan */
dcf4adbf 1711 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1712 }
1713
dcf4adbf 1714 acp.window = cpu_to_le16(0x0012);
406d7804 1715
bd98b996
JH		 1716 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1717 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1718 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1719 sizeof(acp), &acp);
1720
1721 if (hdev->page_scan_type != type)
1722 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1723}
1724
2b76f453
JH		 1725static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1726{
1727 struct pending_cmd *cmd;
d7b856f9
JH		 1728 struct mgmt_mode *cp;
1729 bool changed;
2b76f453
JH		 1730
1731 BT_DBG("status 0x%02x", status);
1732
1733 hci_dev_lock(hdev);
1734
1735 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1736 if (!cmd)
1737 goto unlock;
1738
37438c1f
JH		 1739 if (status) {
1740 u8 mgmt_err = mgmt_status(status);
1741 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1742 goto remove_cmd;
1743 }
1744
d7b856f9
JH		 1745 cp = cmd->param;
1746 if (cp->val)
1747 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1748 else
1749 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1750
2b76f453
JH		 1751 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1752
2b7be33e 1753 if (changed) {
d7b856f9 1754 new_settings(hdev, cmd->sk);
2b7be33e
JH		 1755 hci_update_background_scan(hdev);
1756 }
d7b856f9 1757
37438c1f 1758remove_cmd:
2b76f453
JH		 1759 mgmt_pending_remove(cmd);
1760
1761unlock:
1762 hci_dev_unlock(hdev);
1763}
1764
e8ba3a1f
JH		 1765static int set_connectable_update_settings(struct hci_dev *hdev,
1766 struct sock *sk, u8 val)
1767{
1768 bool changed = false;
1769 int err;
1770
1771 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1772 changed = true;
1773
1774 if (val) {
1775 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1776 } else {
1777 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1778 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1779 }
1780
1781 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1782 if (err < 0)
1783 return err;
1784
1785 if (changed)
1786 return new_settings(hdev, sk);
1787
1788 return 0;
1789}
1790
bdb6d971 1791static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1792 u16 len)
9fbcbb45 1793{
650f726d 1794 struct mgmt_mode *cp = data;
366a0336 1795 struct pending_cmd *cmd;
2b76f453 1796 struct hci_request req;
1987fdc7 1797 u8 scan;
9fbcbb45
JH		 1798 int err;
1799
bdb6d971 1800 BT_DBG("request for %s", hdev->name);
9fbcbb45 1801
1987fdc7
JH		 1802 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1803 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1804 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1805 MGMT_STATUS_REJECTED);
33c525c0 1806
a7e80f25
JH		 1807 if (cp->val != 0x00 && cp->val != 0x01)
1808 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1809 MGMT_STATUS_INVALID_PARAMS);
1810
09fd0de5 1811 hci_dev_lock(hdev);
9fbcbb45 1812
4b34ee78 1813 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1814 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1815 goto failed;
1816 }
1817
2e58ef3e 1818 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1819 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1820 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1821 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1822 goto failed;
1823 }
1824
2e58ef3e 1825 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1826 if (!cmd) {
1827 err = -ENOMEM;
9fbcbb45 1828 goto failed;
366a0336 1829 }
9fbcbb45 1830
9b74246f 1831 hci_req_init(&req, hdev);
9fbcbb45 1832
9a43e25f
JH		 1833 /* If BR/EDR is not enabled and we disable advertising as a
1834 * by-product of disabling connectable, we need to update the
1835 * advertising flags.
1836 */
1837 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1838 if (!cp->val) {
1839 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1840 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1841 }
1842 update_adv_data(&req);
1843 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1844 if (cp->val) {
1845 scan = SCAN_PAGE;
1846 } else {
1847 scan = 0;
1848
1849 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1850 hdev->discov_timeout > 0)
9b74246f
JH		 1851 cancel_delayed_work(&hdev->discov_off);
1852 }
2b76f453 1853
9b74246f
JH		 1854 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1855 }
2b76f453 1856
4c01f8b8
JH		 1857 /* If we're going from non-connectable to connectable or
1858 * vice-versa when fast connectable is enabled ensure that fast
1859 * connectable gets disabled. write_fast_connectable won't do
1860 * anything if the page scan parameters are already what they
1861 * should be.
1862 */
1863 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1864 write_fast_connectable(&req, false);
1865
1987fdc7
JH		 1866 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1867 hci_conn_num(hdev, LE_LINK) == 0) {
1868 disable_advertising(&req);
1869 enable_advertising(&req);
1870 }
1871
2b76f453 1872 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1873 if (err < 0) {
a664b5bc 1874 mgmt_pending_remove(cmd);
9b74246f 1875 if (err == -ENODATA)
a81070ba
JH		 1876 err = set_connectable_update_settings(hdev, sk,
1877 cp->val);
9b74246f
JH		 1878 goto failed;
1879 }
9fbcbb45
JH		 1880
1881failed:
09fd0de5 1882 hci_dev_unlock(hdev);
9fbcbb45
JH		 1883 return err;
1884}
1885
bdb6d971 1886static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1887 u16 len)
c542a06c 1888{
650f726d 1889 struct mgmt_mode *cp = data;
55594356 1890 bool changed;
c542a06c
JH		 1891 int err;
1892
bdb6d971 1893 BT_DBG("request for %s", hdev->name);
c542a06c 1894
a7e80f25
JH		 1895 if (cp->val != 0x00 && cp->val != 0x01)
1896 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1897 MGMT_STATUS_INVALID_PARAMS);
1898
09fd0de5 1899 hci_dev_lock(hdev);
c542a06c
JH		 1900
1901 if (cp->val)
55594356 1902 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1903 else
55594356 1904 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1905
69ab39ea 1906 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1907 if (err < 0)
55594356 1908 goto unlock;
c542a06c 1909
55594356
MH		 1910 if (changed)
1911 err = new_settings(hdev, sk);
c542a06c 1912
55594356 1913unlock:
09fd0de5 1914 hci_dev_unlock(hdev);
c542a06c
JH		 1915 return err;
1916}
1917
04124681
GP		 1918static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1919 u16 len)
33ef95ed
JH		 1920{
1921 struct mgmt_mode *cp = data;
1922 struct pending_cmd *cmd;
e6fe7986 1923 u8 val, status;
33ef95ed
JH		 1924 int err;
1925
bdb6d971 1926 BT_DBG("request for %s", hdev->name);
33ef95ed 1927
e6fe7986
JH		 1928 status = mgmt_bredr_support(hdev);
1929 if (status)
33c525c0 1930 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1931 status);
33c525c0 1932
a7e80f25
JH		 1933 if (cp->val != 0x00 && cp->val != 0x01)
1934 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1935 MGMT_STATUS_INVALID_PARAMS);
1936
33ef95ed
JH		 1937 hci_dev_lock(hdev);
1938
4b34ee78 1939 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1940 bool changed = false;
1941
1942 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1943 &hdev->dev_flags)) {
47990ea0
JH		 1944 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1945 changed = true;
1946 }
1947
1948 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1949 if (err < 0)
1950 goto failed;
1951
1952 if (changed)
1953 err = new_settings(hdev, sk);
1954
33ef95ed
JH		 1955 goto failed;
1956 }
1957
1958 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1959 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1960 MGMT_STATUS_BUSY);
33ef95ed
JH		 1961 goto failed;
1962 }
1963
1964 val = !!cp->val;
1965
1966 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1967 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1968 goto failed;
1969 }
1970
1971 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1972 if (!cmd) {
1973 err = -ENOMEM;
1974 goto failed;
1975 }
1976
1977 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1978 if (err < 0) {
1979 mgmt_pending_remove(cmd);
1980 goto failed;
1981 }
1982
1983failed:
1984 hci_dev_unlock(hdev);
33ef95ed
JH		 1985 return err;
1986}
1987
bdb6d971 1988static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1989{
1990 struct mgmt_mode *cp = data;
1991 struct pending_cmd *cmd;
72ef0c1a 1992 u8 status;
ed2c4ee3
JH		 1993 int err;
1994
bdb6d971 1995 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1996
cdba5281
MH		 1997 status = mgmt_bredr_support(hdev);
1998 if (status)
1999 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2000
13ecd8b6
JH		 2001 if (!lmp_ssp_capable(hdev))
2002 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2003 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2004
a7e80f25
JH		 2005 if (cp->val != 0x00 && cp->val != 0x01)
2006 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2007 MGMT_STATUS_INVALID_PARAMS);
2008
13ecd8b6 2009 hci_dev_lock(hdev);
6c8f12c1 2010
4b34ee78 2011 if (!hdev_is_powered(hdev)) {
9ecb3e24 2012 bool changed;
c0ecddc2 2013
9ecb3e24
MH		 2014 if (cp->val) {
2015 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2016 &hdev->dev_flags);
2017 } else {
2018 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2019 &hdev->dev_flags);
2020 if (!changed)
2021 changed = test_and_clear_bit(HCI_HS_ENABLED,
2022 &hdev->dev_flags);
2023 else
2024 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2025 }
2026
2027 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2028 if (err < 0)
2029 goto failed;
2030
2031 if (changed)
2032 err = new_settings(hdev, sk);
2033
ed2c4ee3
JH		 2034 goto failed;
2035 }
2036
9ecb3e24
MH		 2037 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2038 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2039 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2040 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2041 goto failed;
2042 }
2043
72ef0c1a 2044 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2045 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2046 goto failed;
2047 }
2048
2049 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2050 if (!cmd) {
2051 err = -ENOMEM;
2052 goto failed;
2053 }
2054
3769972b
JH		 2055 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2056 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2057 sizeof(cp->val), &cp->val);
2058
72ef0c1a 2059 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2060 if (err < 0) {
2061 mgmt_pending_remove(cmd);
2062 goto failed;
2063 }
2064
2065failed:
2066 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2067 return err;
2068}
2069
bdb6d971 2070static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2071{
2072 struct mgmt_mode *cp = data;
ee392693 2073 bool changed;
e6fe7986 2074 u8 status;
ee392693 2075 int err;
6d80dfd0 2076
bdb6d971 2077 BT_DBG("request for %s", hdev->name);
6d80dfd0 2078
e6fe7986
JH		 2079 status = mgmt_bredr_support(hdev);
2080 if (status)
2081 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2082
9ecb3e24
MH		 2083 if (!lmp_ssp_capable(hdev))
2084 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2085 MGMT_STATUS_NOT_SUPPORTED);
2086
2087 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2088 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2089 MGMT_STATUS_REJECTED);
2090
a7e80f25
JH		 2091 if (cp->val != 0x00 && cp->val != 0x01)
2092 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2093 MGMT_STATUS_INVALID_PARAMS);
2094
ee392693
MH		 2095 hci_dev_lock(hdev);
2096
a0cdf960 2097 if (cp->val) {
ee392693 2098 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2099 } else {
2100 if (hdev_is_powered(hdev)) {
2101 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2102 MGMT_STATUS_REJECTED);
2103 goto unlock;
2104 }
2105
ee392693 2106 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2107 }
ee392693
MH		 2108
2109 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2110 if (err < 0)
2111 goto unlock;
2112
2113 if (changed)
2114 err = new_settings(hdev, sk);
6d80dfd0 2115
ee392693
MH		 2116unlock:
2117 hci_dev_unlock(hdev);
2118 return err;
6d80dfd0
JH		 2119}
2120
416a4ae5
JH		 2121static void le_enable_complete(struct hci_dev *hdev, u8 status)
2122{
2123 struct cmd_lookup match = { NULL, hdev };
2124
2125 if (status) {
2126 u8 mgmt_err = mgmt_status(status);
2127
2128 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2129 &mgmt_err);
2130 return;
2131 }
2132
2133 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2134
2135 new_settings(hdev, match.sk);
2136
2137 if (match.sk)
2138 sock_put(match.sk);
441ad2d0
MH		 2139
2140 /* Make sure the controller has a good default for
2141 * advertising data. Restrict the update to when LE
2142 * has actually been enabled. During power on, the
2143 * update in powered_update_hci will take care of it.
2144 */
2145 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2146 struct hci_request req;
2147
2148 hci_dev_lock(hdev);
2149
2150 hci_req_init(&req, hdev);
5947f4bc 2151 update_adv_data(&req);
f14d8f64 2152 update_scan_rsp_data(&req);
441ad2d0
MH		 2153 hci_req_run(&req, NULL);
2154
2155 hci_dev_unlock(hdev);
2156 }
416a4ae5
JH		 2157}
2158
bdb6d971 2159static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2160{
2161 struct mgmt_mode *cp = data;
2162 struct hci_cp_write_le_host_supported hci_cp;
2163 struct pending_cmd *cmd;
416a4ae5 2164 struct hci_request req;
06199cf8 2165 int err;
0b60eba1 2166 u8 val, enabled;
06199cf8 2167
bdb6d971 2168 BT_DBG("request for %s", hdev->name);
06199cf8 2169
13ecd8b6
JH		 2170 if (!lmp_le_capable(hdev))
2171 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2172 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2173
a7e80f25
JH		 2174 if (cp->val != 0x00 && cp->val != 0x01)
2175 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2176 MGMT_STATUS_INVALID_PARAMS);
2177
c73eee91 2178 /* LE-only devices do not allow toggling LE on/off */
56f87901 2179 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2180 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2181 MGMT_STATUS_REJECTED);
2182
13ecd8b6 2183 hci_dev_lock(hdev);
06199cf8
JH		 2184
2185 val = !!cp->val;
ffa88e02 2186 enabled = lmp_host_le_capable(hdev);
06199cf8 2187
0b60eba1 2188 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2189 bool changed = false;
2190
2191 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2192 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2193 changed = true;
2194 }
2195
f3d3444a
JH		 2196 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2197 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2198 changed = true;
2199 }
2200
06199cf8
JH		 2201 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2202 if (err < 0)
1de028ce 2203 goto unlock;
06199cf8
JH		 2204
2205 if (changed)
2206 err = new_settings(hdev, sk);
2207
1de028ce 2208 goto unlock;
06199cf8
JH		 2209 }
2210
4375f103
JH		 2211 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2212 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2213 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2214 MGMT_STATUS_BUSY);
1de028ce 2215 goto unlock;
06199cf8
JH		 2216 }
2217
2218 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2219 if (!cmd) {
2220 err = -ENOMEM;
1de028ce 2221 goto unlock;
06199cf8
JH		 2222 }
2223
441ad2d0
MH		 2224 hci_req_init(&req, hdev);
2225
06199cf8
JH		 2226 memset(&hci_cp, 0, sizeof(hci_cp));
2227
2228 if (val) {
2229 hci_cp.le = val;
ffa88e02 2230 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2231 } else {
2232 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2233 disable_advertising(&req);
06199cf8
JH		 2234 }
2235
416a4ae5
JH		 2236 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2237 &hci_cp);
2238
2239 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2240 if (err < 0)
06199cf8 2241 mgmt_pending_remove(cmd);
06199cf8 2242
1de028ce
JH		 2243unlock:
2244 hci_dev_unlock(hdev);
06199cf8
JH		 2245 return err;
2246}
2247
0cab9c80
JH		 2248/* This is a helper function to test for pending mgmt commands that can
2249 * cause CoD or EIR HCI commands. We can only allow one such pending
2250 * mgmt command at a time since otherwise we cannot easily track what
2251 * the current values are, will be, and based on that calculate if a new
2252 * HCI command needs to be sent and if yes with what value.
2253 */
2254static bool pending_eir_or_class(struct hci_dev *hdev)
2255{
2256 struct pending_cmd *cmd;
2257
2258 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2259 switch (cmd->opcode) {
2260 case MGMT_OP_ADD_UUID:
2261 case MGMT_OP_REMOVE_UUID:
2262 case MGMT_OP_SET_DEV_CLASS:
2263 case MGMT_OP_SET_POWERED:
2264 return true;
2265 }
2266 }
2267
2268 return false;
2269}
2270
83be8eca
JH		 2271static const u8 bluetooth_base_uuid[] = {
2272 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2273 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2274};
2275
2276static u8 get_uuid_size(const u8 *uuid)
2277{
2278 u32 val;
2279
2280 if (memcmp(uuid, bluetooth_base_uuid, 12))
2281 return 128;
2282
2283 val = get_unaligned_le32(&uuid[12]);
2284 if (val > 0xffff)
2285 return 32;
2286
2287 return 16;
2288}
2289
92da6097
JH		 2290static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2291{
2292 struct pending_cmd *cmd;
2293
2294 hci_dev_lock(hdev);
2295
2296 cmd = mgmt_pending_find(mgmt_op, hdev);
2297 if (!cmd)
2298 goto unlock;
2299
2300 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2301 hdev->dev_class, 3);
2302
2303 mgmt_pending_remove(cmd);
2304
2305unlock:
2306 hci_dev_unlock(hdev);
2307}
2308
2309static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2310{
2311 BT_DBG("status 0x%02x", status);
2312
2313 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2314}
2315
bdb6d971 2316static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2317{
650f726d 2318 struct mgmt_cp_add_uuid *cp = data;
90e70454 2319 struct pending_cmd *cmd;
890ea898 2320 struct hci_request req;
2aeb9a1a 2321 struct bt_uuid *uuid;
2aeb9a1a
JH		 2322 int err;
2323
bdb6d971 2324 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2325
09fd0de5 2326 hci_dev_lock(hdev);
2aeb9a1a 2327
0cab9c80 2328 if (pending_eir_or_class(hdev)) {
bdb6d971 2329 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2330 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2331 goto failed;
2332 }
2333
92c4c204 2334 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2335 if (!uuid) {
2336 err = -ENOMEM;
2337 goto failed;
2338 }
2339
2340 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2341 uuid->svc_hint = cp->svc_hint;
83be8eca 2342 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2343
de66aa63 2344 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2345
890ea898 2346 hci_req_init(&req, hdev);
1aff6f09 2347
890ea898
JH		 2348 update_class(&req);
2349 update_eir(&req);
2350
92da6097
JH		 2351 err = hci_req_run(&req, add_uuid_complete);
2352 if (err < 0) {
2353 if (err != -ENODATA)
2354 goto failed;
80a1e1db 2355
bdb6d971 2356 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2357 hdev->dev_class, 3);
90e70454
JH		 2358 goto failed;
2359 }
2360
2361 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2362 if (!cmd) {
90e70454 2363 err = -ENOMEM;
890ea898
JH		 2364 goto failed;
2365 }
2366
2367 err = 0;
2aeb9a1a
JH		 2368
2369failed:
09fd0de5 2370 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2371 return err;
2372}
2373
24b78d0f
JH		 2374static bool enable_service_cache(struct hci_dev *hdev)
2375{
2376 if (!hdev_is_powered(hdev))
2377 return false;
2378
2379 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2380 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2381 CACHE_TIMEOUT);
24b78d0f
JH		 2382 return true;
2383 }
2384
2385 return false;
2386}
2387
92da6097
JH		 2388static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2389{
2390 BT_DBG("status 0x%02x", status);
2391
2392 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2393}
2394
bdb6d971 2395static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2396 u16 len)
2aeb9a1a 2397{
650f726d 2398 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2399 struct pending_cmd *cmd;
056341c8 2400 struct bt_uuid *match, *tmp;
2aeb9a1a 2401 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2402 struct hci_request req;
2aeb9a1a
JH		 2403 int err, found;
2404
bdb6d971 2405 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2406
09fd0de5 2407 hci_dev_lock(hdev);
2aeb9a1a 2408
0cab9c80 2409 if (pending_eir_or_class(hdev)) {
bdb6d971 2410 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2411 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2412 goto unlock;
2413 }
2414
2aeb9a1a 2415 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2416 hci_uuids_clear(hdev);
4004b6d9 2417
24b78d0f 2418 if (enable_service_cache(hdev)) {
bdb6d971 2419 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2420 0, hdev->dev_class, 3);
24b78d0f
JH		 2421 goto unlock;
2422 }
4004b6d9 2423
9246a869 2424 goto update_class;
2aeb9a1a
JH		 2425 }
2426
2427 found = 0;
2428
056341c8 2429 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2430 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2431 continue;
2432
2433 list_del(&match->list);
482049f7 2434 kfree(match);
2aeb9a1a
JH		 2435 found++;
2436 }
2437
2438 if (found == 0) {
bdb6d971 2439 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2440 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2441 goto unlock;
2442 }
2443
9246a869 2444update_class:
890ea898 2445 hci_req_init(&req, hdev);
1aff6f09 2446
890ea898
JH		 2447 update_class(&req);
2448 update_eir(&req);
2449
92da6097
JH		 2450 err = hci_req_run(&req, remove_uuid_complete);
2451 if (err < 0) {
2452 if (err != -ENODATA)
2453 goto unlock;
80a1e1db 2454
bdb6d971 2455 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2456 hdev->dev_class, 3);
90e70454
JH		 2457 goto unlock;
2458 }
2459
2460 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2461 if (!cmd) {
90e70454 2462 err = -ENOMEM;
890ea898
JH		 2463 goto unlock;
2464 }
2465
2466 err = 0;
2aeb9a1a
JH		 2467
2468unlock:
09fd0de5 2469 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2470 return err;
2471}
2472
92da6097
JH		 2473static void set_class_complete(struct hci_dev *hdev, u8 status)
2474{
2475 BT_DBG("status 0x%02x", status);
2476
2477 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2478}
2479
bdb6d971 2480static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2481 u16 len)
1aff6f09 2482{
650f726d 2483 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2484 struct pending_cmd *cmd;
890ea898 2485 struct hci_request req;
1aff6f09
JH		 2486 int err;
2487
bdb6d971 2488 BT_DBG("request for %s", hdev->name);
1aff6f09 2489
6203fc98 2490 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2491 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2492 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2493
0cab9c80 2494 hci_dev_lock(hdev);
ee98f473 2495
0cab9c80
JH		 2496 if (pending_eir_or_class(hdev)) {
2497 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2498 MGMT_STATUS_BUSY);
2499 goto unlock;
2500 }
c95f0ba7 2501
0cab9c80
JH		 2502 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2503 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2504 MGMT_STATUS_INVALID_PARAMS);
2505 goto unlock;
2506 }
575b3a02 2507
932f5ff5
JH		 2508 hdev->major_class = cp->major;
2509 hdev->minor_class = cp->minor;
2510
b5235a65 2511 if (!hdev_is_powered(hdev)) {
bdb6d971 2512 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2513 hdev->dev_class, 3);
b5235a65
JH		 2514 goto unlock;
2515 }
2516
890ea898
JH		 2517 hci_req_init(&req, hdev);
2518
a8b2d5c2 2519 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2520 hci_dev_unlock(hdev);
2521 cancel_delayed_work_sync(&hdev->service_cache);
2522 hci_dev_lock(hdev);
890ea898 2523 update_eir(&req);
7d78525d 2524 }
14c0b608 2525
890ea898
JH		 2526 update_class(&req);
2527
92da6097
JH		 2528 err = hci_req_run(&req, set_class_complete);
2529 if (err < 0) {
2530 if (err != -ENODATA)
2531 goto unlock;
1aff6f09 2532
bdb6d971 2533 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2534 hdev->dev_class, 3);
90e70454
JH		 2535 goto unlock;
2536 }
2537
2538 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2539 if (!cmd) {
90e70454 2540 err = -ENOMEM;
890ea898
JH		 2541 goto unlock;
2542 }
2543
2544 err = 0;
1aff6f09 2545
b5235a65 2546unlock:
09fd0de5 2547 hci_dev_unlock(hdev);
1aff6f09
JH		 2548 return err;
2549}
2550
bdb6d971 2551static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2552 u16 len)
55ed8ca1 2553{
650f726d 2554 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2555 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2556 sizeof(struct mgmt_link_key_info));
4e51eae9 2557 u16 key_count, expected_len;
b1de97d8 2558 bool changed;
a492cd52 2559 int i;
55ed8ca1 2560
9060d5cf
MH		 2561 BT_DBG("request for %s", hdev->name);
2562
2563 if (!lmp_bredr_capable(hdev))
2564 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2565 MGMT_STATUS_NOT_SUPPORTED);
2566
1f350c87 2567 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2568 if (key_count > max_key_count) {
2569 BT_ERR("load_link_keys: too big key_count value %u",
2570 key_count);
2571 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2572 MGMT_STATUS_INVALID_PARAMS);
2573 }
55ed8ca1 2574
86742e1e
JH		 2575 expected_len = sizeof(*cp) + key_count *
2576 sizeof(struct mgmt_link_key_info);
a492cd52 2577 if (expected_len != len) {
86742e1e 2578 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2579 expected_len, len);
bdb6d971 2580 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2581 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2582 }
2583
4ae14301
JH		 2584 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2585 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2586 MGMT_STATUS_INVALID_PARAMS);
2587
bdb6d971 2588 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2589 key_count);
55ed8ca1 2590
4ee71b20
JH		 2591 for (i = 0; i < key_count; i++) {
2592 struct mgmt_link_key_info *key = &cp->keys[i];
2593
8e991132 2594 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2595 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2596 MGMT_STATUS_INVALID_PARAMS);
2597 }
2598
09fd0de5 2599 hci_dev_lock(hdev);
55ed8ca1
JH		 2600
2601 hci_link_keys_clear(hdev);
2602
55ed8ca1 2603 if (cp->debug_keys)
0663b297
JH		 2604 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2605 &hdev->dev_flags);
55ed8ca1 2606 else
0663b297
JH		 2607 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2608 &hdev->dev_flags);
b1de97d8
MH		 2609
2610 if (changed)
2611 new_settings(hdev, NULL);
55ed8ca1 2612
a492cd52 2613 for (i = 0; i < key_count; i++) {
86742e1e 2614 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2615
58e9293c
JH		 2616 /* Always ignore debug keys and require a new pairing if
2617 * the user wants to use them.
2618 */
2619 if (key->type == HCI_LK_DEBUG_COMBINATION)
2620 continue;
2621
7652ff6a
JH		 2622 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2623 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2624 }
2625
bdb6d971 2626 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2627
09fd0de5 2628 hci_dev_unlock(hdev);
55ed8ca1 2629
a492cd52 2630 return 0;
55ed8ca1
JH		 2631}
2632
b1078ad0 2633static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2634 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2635{
2636 struct mgmt_ev_device_unpaired ev;
2637
2638 bacpy(&ev.addr.bdaddr, bdaddr);
2639 ev.addr.type = addr_type;
2640
2641 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2642 skip_sk);
b1078ad0
JH		 2643}
2644
bdb6d971 2645static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2646 u16 len)
55ed8ca1 2647{
124f6e35
JH		 2648 struct mgmt_cp_unpair_device *cp = data;
2649 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2650 struct hci_cp_disconnect dc;
2651 struct pending_cmd *cmd;
55ed8ca1 2652 struct hci_conn *conn;
55ed8ca1
JH		 2653 int err;
2654
a8a1d19e 2655 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2656 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2657 rp.addr.type = cp->addr.type;
a8a1d19e 2658
4ee71b20
JH		 2659 if (!bdaddr_type_is_valid(cp->addr.type))
2660 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2661 MGMT_STATUS_INVALID_PARAMS,
2662 &rp, sizeof(rp));
2663
118da70b
JH		 2664 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2665 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2666 MGMT_STATUS_INVALID_PARAMS,
2667 &rp, sizeof(rp));
2668
4ee71b20
JH		 2669 hci_dev_lock(hdev);
2670
86a8cfc6 2671 if (!hdev_is_powered(hdev)) {
bdb6d971 2672 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2673 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2674 goto unlock;
2675 }
2676
e0b2b27e 2677 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2678 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2679 } else {
2680 u8 addr_type;
2681
2682 if (cp->addr.type == BDADDR_LE_PUBLIC)
2683 addr_type = ADDR_LE_DEV_PUBLIC;
2684 else
2685 addr_type = ADDR_LE_DEV_RANDOM;
2686
a7ec7338
JH		 2687 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2688
a9b0a04c
AG		 2689 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2690
e0b2b27e
JH		 2691 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2692 }
b0dbfb46 2693
55ed8ca1 2694 if (err < 0) {
bdb6d971 2695 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2696 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2697 goto unlock;
2698 }
2699
86a8cfc6 2700 if (cp->disconnect) {
591f47f3 2701 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2702 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2703 &cp->addr.bdaddr);
86a8cfc6
JH		 2704 else
2705 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2706 &cp->addr.bdaddr);
86a8cfc6
JH		 2707 } else {
2708 conn = NULL;
2709 }
124f6e35 2710
a8a1d19e 2711 if (!conn) {
bdb6d971 2712 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2713 &rp, sizeof(rp));
b1078ad0 2714 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2715 goto unlock;
2716 }
55ed8ca1 2717
124f6e35 2718 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2719 sizeof(*cp));
a8a1d19e
JH		 2720 if (!cmd) {
2721 err = -ENOMEM;
2722 goto unlock;
55ed8ca1
JH		 2723 }
2724
eb55ef07 2725 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2726 dc.reason = 0x13; /* Remote User Terminated Connection */
2727 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2728 if (err < 0)
2729 mgmt_pending_remove(cmd);
2730
55ed8ca1 2731unlock:
09fd0de5 2732 hci_dev_unlock(hdev);
55ed8ca1
JH		 2733 return err;
2734}
2735
bdb6d971 2736static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2737 u16 len)
8962ee74 2738{
650f726d 2739 struct mgmt_cp_disconnect *cp = data;
06a63b19 2740 struct mgmt_rp_disconnect rp;
8962ee74 2741 struct hci_cp_disconnect dc;
366a0336 2742 struct pending_cmd *cmd;
8962ee74 2743 struct hci_conn *conn;
8962ee74
JH		 2744 int err;
2745
2746 BT_DBG("");
2747
06a63b19
JH		 2748 memset(&rp, 0, sizeof(rp));
2749 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2750 rp.addr.type = cp->addr.type;
2751
4ee71b20 2752 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2753 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2754 MGMT_STATUS_INVALID_PARAMS,
2755 &rp, sizeof(rp));
4ee71b20 2756
09fd0de5 2757 hci_dev_lock(hdev);
8962ee74
JH		 2758
2759 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2760 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2761 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2762 goto failed;
2763 }
2764
2e58ef3e 2765 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2766 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2767 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2768 goto failed;
2769 }
2770
591f47f3 2771 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2773 &cp->addr.bdaddr);
88c3df13
JH		 2774 else
2775 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2776
f960727e 2777 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2778 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2779 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2780 goto failed;
2781 }
2782
2e58ef3e 2783 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2784 if (!cmd) {
2785 err = -ENOMEM;
8962ee74 2786 goto failed;
366a0336 2787 }
8962ee74 2788
eb55ef07 2789 dc.handle = cpu_to_le16(conn->handle);
3701f944 2790 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2791
2792 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2793 if (err < 0)
a664b5bc 2794 mgmt_pending_remove(cmd);
8962ee74
JH		 2795
2796failed:
09fd0de5 2797 hci_dev_unlock(hdev);
8962ee74
JH		 2798 return err;
2799}
2800
57c1477c 2801static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2802{
2803 switch (link_type) {
2804 case LE_LINK:
48264f06
JH		 2805 switch (addr_type) {
2806 case ADDR_LE_DEV_PUBLIC:
591f47f3 2807 return BDADDR_LE_PUBLIC;
0ed09148 2808
48264f06 2809 default:
0ed09148 2810 /* Fallback to LE Random address type */
591f47f3 2811 return BDADDR_LE_RANDOM;
48264f06 2812 }
0ed09148 2813
4c659c39 2814 default:
0ed09148 2815 /* Fallback to BR/EDR type */
591f47f3 2816 return BDADDR_BREDR;
4c659c39
JH		 2817 }
2818}
2819
04124681
GP		 2820static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2821 u16 data_len)
2784eb41 2822{
2784eb41 2823 struct mgmt_rp_get_connections *rp;
8035ded4 2824 struct hci_conn *c;
a38528f1 2825 size_t rp_len;
60fc5fb6
JH		 2826 int err;
2827 u16 i;
2784eb41
JH		 2828
2829 BT_DBG("");
2830
09fd0de5 2831 hci_dev_lock(hdev);
2784eb41 2832
5f97c1df 2833 if (!hdev_is_powered(hdev)) {
bdb6d971 2834 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2835 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2836 goto unlock;
2837 }
2838
60fc5fb6 2839 i = 0;
b644ba33
JH		 2840 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2841 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2842 i++;
2784eb41
JH		 2843 }
2844
60fc5fb6 2845 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2846 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2847 if (!rp) {
2784eb41
JH		 2848 err = -ENOMEM;
2849 goto unlock;
2850 }
2851
2784eb41 2852 i = 0;
4c659c39 2853 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2854 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2855 continue;
4c659c39 2856 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2857 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2858 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2859 continue;
2860 i++;
2861 }
2862
eb55ef07 2863 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2864
4c659c39
JH		 2865 /* Recalculate length in case of filtered SCO connections, etc */
2866 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2867
bdb6d971 2868 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2869 rp_len);
2784eb41 2870
a38528f1 2871 kfree(rp);
5f97c1df
JH		 2872
2873unlock:
09fd0de5 2874 hci_dev_unlock(hdev);
2784eb41
JH		 2875 return err;
2876}
2877
bdb6d971 2878static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2879 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2880{
2881 struct pending_cmd *cmd;
2882 int err;
2883
2e58ef3e 2884 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2885 sizeof(*cp));
96d97a67
WR		 2886 if (!cmd)
2887 return -ENOMEM;
2888
d8457698 2889 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2890 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2891 if (err < 0)
2892 mgmt_pending_remove(cmd);
2893
2894 return err;
2895}
2896
bdb6d971 2897static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2898 u16 len)
980e1a53 2899{
96d97a67 2900 struct hci_conn *conn;
650f726d 2901 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2902 struct hci_cp_pin_code_reply reply;
366a0336 2903 struct pending_cmd *cmd;
980e1a53
JH		 2904 int err;
2905
2906 BT_DBG("");
2907
09fd0de5 2908 hci_dev_lock(hdev);
980e1a53 2909
4b34ee78 2910 if (!hdev_is_powered(hdev)) {
bdb6d971 2911 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2912 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2913 goto failed;
2914 }
2915
d8457698 2916 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2917 if (!conn) {
bdb6d971 2918 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2919 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2920 goto failed;
2921 }
2922
2923 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2924 struct mgmt_cp_pin_code_neg_reply ncp;
2925
2926 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2927
2928 BT_ERR("PIN code is not 16 bytes long");
2929
bdb6d971 2930 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2931 if (err >= 0)
bdb6d971 2932 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2933 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2934
2935 goto failed;
2936 }
2937
00abfe44 2938 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2939 if (!cmd) {
2940 err = -ENOMEM;
980e1a53 2941 goto failed;
366a0336 2942 }
980e1a53 2943
d8457698 2944 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2945 reply.pin_len = cp->pin_len;
24718ca5 2946 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2947
2948 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2949 if (err < 0)
a664b5bc 2950 mgmt_pending_remove(cmd);
980e1a53
JH		 2951
2952failed:
09fd0de5 2953 hci_dev_unlock(hdev);
980e1a53
JH		 2954 return err;
2955}
2956
04124681
GP		 2957static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2958 u16 len)
17fa4b9d 2959{
650f726d 2960 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2961
2962 BT_DBG("");
2963
4ec86d4c
JH		 2964 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2965 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2966 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2967
09fd0de5 2968 hci_dev_lock(hdev);
17fa4b9d
JH		 2969
2970 hdev->io_capability = cp->io_capability;
2971
2972 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2973 hdev->io_capability);
17fa4b9d 2974
09fd0de5 2975 hci_dev_unlock(hdev);
17fa4b9d 2976
04124681
GP		 2977 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2978 0);
17fa4b9d
JH		 2979}
2980
6039aa73 2981static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2982{
2983 struct hci_dev *hdev = conn->hdev;
8035ded4 2984 struct pending_cmd *cmd;
e9a416b5 2985
2e58ef3e 2986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2987 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2988 continue;
2989
e9a416b5
JH		 2990 if (cmd->user_data != conn)
2991 continue;
2992
2993 return cmd;
2994 }
2995
2996 return NULL;
2997}
2998
2999static void pairing_complete(struct pending_cmd *cmd, u8 status)
3000{
3001 struct mgmt_rp_pair_device rp;
3002 struct hci_conn *conn = cmd->user_data;
3003
61b1a7fb
JH		 3004 bacpy(&rp.addr.bdaddr, &conn->dst);
3005 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3006
aee9b218 3007 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3008 &rp, sizeof(rp));
e9a416b5
JH		 3009
3010 /* So we don't get further callbacks for this connection */
3011 conn->connect_cfm_cb = NULL;
3012 conn->security_cfm_cb = NULL;
3013 conn->disconn_cfm_cb = NULL;
3014
76a68ba0 3015 hci_conn_drop(conn);
e9a416b5 3016
a664b5bc 3017 mgmt_pending_remove(cmd);
e9a416b5
JH		 3018}
3019
f4a407be
JH		 3020void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3021{
3022 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3023 struct pending_cmd *cmd;
3024
3025 cmd = find_pairing(conn);
3026 if (cmd)
3027 pairing_complete(cmd, status);
3028}
3029
e9a416b5
JH		 3030static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3031{
3032 struct pending_cmd *cmd;
3033
3034 BT_DBG("status %u", status);
3035
3036 cmd = find_pairing(conn);
56e5cb86 3037 if (!cmd)
e9a416b5 3038 BT_DBG("Unable to find a pending command");
56e5cb86 3039 else
e211326c 3040 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3041}
3042
f4a407be 3043static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3044{
3045 struct pending_cmd *cmd;
3046
3047 BT_DBG("status %u", status);
3048
3049 if (!status)
3050 return;
3051
3052 cmd = find_pairing(conn);
3053 if (!cmd)
3054 BT_DBG("Unable to find a pending command");
3055 else
3056 pairing_complete(cmd, mgmt_status(status));
3057}
3058
bdb6d971 3059static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3060 u16 len)
e9a416b5 3061{
650f726d 3062 struct mgmt_cp_pair_device *cp = data;
1425acb7 3063 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3064 struct pending_cmd *cmd;
3065 u8 sec_level, auth_type;
3066 struct hci_conn *conn;
e9a416b5
JH		 3067 int err;
3068
3069 BT_DBG("");
3070
f950a30e
SJ		 3071 memset(&rp, 0, sizeof(rp));
3072 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3073 rp.addr.type = cp->addr.type;
3074
4ee71b20
JH		 3075 if (!bdaddr_type_is_valid(cp->addr.type))
3076 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3077 MGMT_STATUS_INVALID_PARAMS,
3078 &rp, sizeof(rp));
3079
4ec86d4c
JH		 3080 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3081 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3082 MGMT_STATUS_INVALID_PARAMS,
3083 &rp, sizeof(rp));
3084
09fd0de5 3085 hci_dev_lock(hdev);
e9a416b5 3086
5f97c1df 3087 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3088 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3089 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3090 goto unlock;
3091 }
3092
c908df36 3093 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3094 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3095
6f77d8c7 3096 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3097 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3098 auth_type);
6f77d8c7
AG		 3099 } else {
3100 u8 addr_type;
3101
3102 /* Convert from L2CAP channel address type to HCI address type
3103 */
3104 if (cp->addr.type == BDADDR_LE_PUBLIC)
3105 addr_type = ADDR_LE_DEV_PUBLIC;
3106 else
3107 addr_type = ADDR_LE_DEV_RANDOM;
3108
7c264b10
MH		 3109 /* When pairing a new device, it is expected to remember
3110 * this device for future connections. Adding the connection
3111 * parameter information ahead of time allows tracking
3112 * of the slave preferred values and will speed up any
3113 * further connection establishment.
3114 *
3115 * If connection parameters already exist, then they
3116 * will be kept and this function does nothing.
3117 */
3118 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3119
cdd6275e 3120 /* Request a connection with master = true role */
6f77d8c7 3121 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
cdd6275e 3122 sec_level, HCI_LE_CONN_TIMEOUT, true);
6f77d8c7 3123 }
7a512d01 3124
30e76272 3125 if (IS_ERR(conn)) {
489dc48e
AK		 3126 int status;
3127
3128 if (PTR_ERR(conn) == -EBUSY)
3129 status = MGMT_STATUS_BUSY;
3130 else
3131 status = MGMT_STATUS_CONNECT_FAILED;
3132
bdb6d971 3133 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3134 status, &rp,
04124681 3135 sizeof(rp));
e9a416b5
JH		 3136 goto unlock;
3137 }
3138
3139 if (conn->connect_cfm_cb) {
76a68ba0 3140 hci_conn_drop(conn);
bdb6d971 3141 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3142 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3143 goto unlock;
3144 }
3145
2e58ef3e 3146 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3147 if (!cmd) {
3148 err = -ENOMEM;
76a68ba0 3149 hci_conn_drop(conn);
e9a416b5
JH		 3150 goto unlock;
3151 }
3152
7a512d01 3153 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3154 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3155 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3156 conn->security_cfm_cb = pairing_complete_cb;
3157 conn->disconn_cfm_cb = pairing_complete_cb;
3158 } else {
3159 conn->connect_cfm_cb = le_pairing_complete_cb;
3160 conn->security_cfm_cb = le_pairing_complete_cb;
3161 conn->disconn_cfm_cb = le_pairing_complete_cb;
3162 }
7a512d01 3163
e9a416b5
JH		 3164 conn->io_capability = cp->io_cap;
3165 cmd->user_data = conn;
3166
3167 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3168 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3169 pairing_complete(cmd, 0);
3170
3171 err = 0;
3172
3173unlock:
09fd0de5 3174 hci_dev_unlock(hdev);
e9a416b5
JH		 3175 return err;
3176}
3177
04124681
GP		 3178static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3179 u16 len)
28424707 3180{
0f4e68cf 3181 struct mgmt_addr_info *addr = data;
28424707
JH		 3182 struct pending_cmd *cmd;
3183 struct hci_conn *conn;
3184 int err;
3185
3186 BT_DBG("");
3187
28424707
JH		 3188 hci_dev_lock(hdev);
3189
5f97c1df 3190 if (!hdev_is_powered(hdev)) {
bdb6d971 3191 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3192 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3193 goto unlock;
3194 }
3195
28424707
JH		 3196 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3197 if (!cmd) {
bdb6d971 3198 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3199 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3200 goto unlock;
3201 }
3202
3203 conn = cmd->user_data;
3204
3205 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3206 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3207 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3208 goto unlock;
3209 }
3210
3211 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3212
bdb6d971 3213 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3214 addr, sizeof(*addr));
28424707
JH		 3215unlock:
3216 hci_dev_unlock(hdev);
28424707
JH		 3217 return err;
3218}
3219
bdb6d971 3220static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3221 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3222 u16 hci_op, __le32 passkey)
a5c29683 3223{
a5c29683 3224 struct pending_cmd *cmd;
0df4c185 3225 struct hci_conn *conn;
a5c29683
JH		 3226 int err;
3227
09fd0de5 3228 hci_dev_lock(hdev);
08ba5382 3229
4b34ee78 3230 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3231 err = cmd_complete(sk, hdev->id, mgmt_op,
3232 MGMT_STATUS_NOT_POWERED, addr,
3233 sizeof(*addr));
0df4c185 3234 goto done;
a5c29683
JH		 3235 }
3236
1707c60e
JH		 3237 if (addr->type == BDADDR_BREDR)
3238 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3239 else
1707c60e 3240 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3241
3242 if (!conn) {
feb94d3d
JH		 3243 err = cmd_complete(sk, hdev->id, mgmt_op,
3244 MGMT_STATUS_NOT_CONNECTED, addr,
3245 sizeof(*addr));
272d90df
JH		 3246 goto done;
3247 }
47c15e2b 3248
1707c60e 3249 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3250 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3251 if (!err)
feb94d3d
JH		 3252 err = cmd_complete(sk, hdev->id, mgmt_op,
3253 MGMT_STATUS_SUCCESS, addr,
3254 sizeof(*addr));
5fe57d9e 3255 else
feb94d3d
JH		 3256 err = cmd_complete(sk, hdev->id, mgmt_op,
3257 MGMT_STATUS_FAILED, addr,
3258 sizeof(*addr));
47c15e2b 3259
47c15e2b
BG		 3260 goto done;
3261 }
3262
1707c60e 3263 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3264 if (!cmd) {
3265 err = -ENOMEM;
0df4c185 3266 goto done;
a5c29683
JH		 3267 }
3268
0df4c185 3269 /* Continue with pairing via HCI */
604086b7
BG		 3270 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3271 struct hci_cp_user_passkey_reply cp;
3272
1707c60e 3273 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3274 cp.passkey = passkey;
3275 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3276 } else
1707c60e
JH		 3277 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3278 &addr->bdaddr);
604086b7 3279
a664b5bc
JH		 3280 if (err < 0)
3281 mgmt_pending_remove(cmd);
a5c29683 3282
0df4c185 3283done:
09fd0de5 3284 hci_dev_unlock(hdev);
a5c29683
JH		 3285 return err;
3286}
3287
afeb019d
JK		 3288static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3289 void *data, u16 len)
3290{
3291 struct mgmt_cp_pin_code_neg_reply *cp = data;
3292
3293 BT_DBG("");
3294
1707c60e 3295 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3296 MGMT_OP_PIN_CODE_NEG_REPLY,
3297 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3298}
3299
04124681
GP		 3300static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3301 u16 len)
0df4c185 3302{
650f726d 3303 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3304
3305 BT_DBG("");
3306
3307 if (len != sizeof(*cp))
bdb6d971 3308 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3309 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3310
1707c60e 3311 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3312 MGMT_OP_USER_CONFIRM_REPLY,
3313 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3314}
3315
bdb6d971 3316static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3317 void *data, u16 len)
0df4c185 3318{
c9c2659f 3319 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3320
3321 BT_DBG("");
3322
1707c60e 3323 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3324 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3325 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3326}
3327
04124681
GP		 3328static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3329 u16 len)
604086b7 3330{
650f726d 3331 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3332
3333 BT_DBG("");
3334
1707c60e 3335 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3336 MGMT_OP_USER_PASSKEY_REPLY,
3337 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3338}
3339
bdb6d971 3340static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3341 void *data, u16 len)
604086b7 3342{
650f726d 3343 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3344
3345 BT_DBG("");
3346
1707c60e 3347 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3348 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3349 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3350}
3351
13928971 3352static void update_name(struct hci_request *req)
2b4bf397 3353{
13928971 3354 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3355 struct hci_cp_write_local_name cp;
3356
13928971 3357 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3358
890ea898 3359 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3360}
3361
13928971
JH		 3362static void set_name_complete(struct hci_dev *hdev, u8 status)
3363{
3364 struct mgmt_cp_set_local_name *cp;
3365 struct pending_cmd *cmd;
3366
3367 BT_DBG("status 0x%02x", status);
3368
3369 hci_dev_lock(hdev);
3370
3371 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3372 if (!cmd)
3373 goto unlock;
3374
3375 cp = cmd->param;
3376
3377 if (status)
3378 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3379 mgmt_status(status));
3380 else
3381 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3382 cp, sizeof(*cp));
3383
3384 mgmt_pending_remove(cmd);
3385
3386unlock:
3387 hci_dev_unlock(hdev);
3388}
3389
bdb6d971 3390static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3391 u16 len)
b312b161 3392{
2b4bf397 3393 struct mgmt_cp_set_local_name *cp = data;
b312b161 3394 struct pending_cmd *cmd;
890ea898 3395 struct hci_request req;
b312b161
JH		 3396 int err;
3397
3398 BT_DBG("");
3399
09fd0de5 3400 hci_dev_lock(hdev);
b312b161 3401
b3f2ca94
JH		 3402 /* If the old values are the same as the new ones just return a
3403 * direct command complete event.
3404 */
3405 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3406 !memcmp(hdev->short_name, cp->short_name,
3407 sizeof(hdev->short_name))) {
3408 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3409 data, len);
3410 goto failed;
3411 }
3412
2b4bf397 3413 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3414
b5235a65 3415 if (!hdev_is_powered(hdev)) {
2b4bf397 3416 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3417
3418 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3419 data, len);
28cc7bde
JH		 3420 if (err < 0)
3421 goto failed;
3422
3423 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3424 sk);
28cc7bde 3425
b5235a65
JH		 3426 goto failed;
3427 }
3428
28cc7bde 3429 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3430 if (!cmd) {
3431 err = -ENOMEM;
3432 goto failed;
3433 }
3434
13928971
JH		 3435 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3436
890ea898 3437 hci_req_init(&req, hdev);
3f985050
JH		 3438
3439 if (lmp_bredr_capable(hdev)) {
3440 update_name(&req);
3441 update_eir(&req);
3442 }
3443
7a5f4990
MH		 3444 /* The name is stored in the scan response data and so
3445 * no need to udpate the advertising data here.
3446 */
3f985050 3447 if (lmp_le_capable(hdev))
7a5f4990 3448 update_scan_rsp_data(&req);
3f985050 3449
13928971 3450 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3451 if (err < 0)
3452 mgmt_pending_remove(cmd);
3453
3454failed:
09fd0de5 3455 hci_dev_unlock(hdev);
b312b161
JH		 3456 return err;
3457}
3458
0f4e68cf 3459static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3460 void *data, u16 data_len)
c35938b2 3461{
c35938b2
SJ		 3462 struct pending_cmd *cmd;
3463 int err;
3464
bdb6d971 3465 BT_DBG("%s", hdev->name);
c35938b2 3466
09fd0de5 3467 hci_dev_lock(hdev);
c35938b2 3468
4b34ee78 3469 if (!hdev_is_powered(hdev)) {
bdb6d971 3470 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3471 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3472 goto unlock;
3473 }
3474
9a1a1996 3475 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3476 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3477 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3478 goto unlock;
3479 }
3480
2e58ef3e 3481 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3482 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3483 MGMT_STATUS_BUSY);
c35938b2
SJ		 3484 goto unlock;
3485 }
3486
2e58ef3e 3487 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3488 if (!cmd) {
3489 err = -ENOMEM;
3490 goto unlock;
3491 }
3492
4d2d2796
MH		 3493 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3494 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3495 0, NULL);
3496 else
3497 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3498
c35938b2
SJ		 3499 if (err < 0)
3500 mgmt_pending_remove(cmd);
3501
3502unlock:
09fd0de5 3503 hci_dev_unlock(hdev);
c35938b2
SJ		 3504 return err;
3505}
3506
bdb6d971 3507static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3508 void *data, u16 len)
2763eda6 3509{
2763eda6
SJ		 3510 int err;
3511
bdb6d971 3512 BT_DBG("%s ", hdev->name);
2763eda6 3513
09fd0de5 3514 hci_dev_lock(hdev);
2763eda6 3515
ec109113
MH		 3516 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3517 struct mgmt_cp_add_remote_oob_data *cp = data;
3518 u8 status;
bf1e3541 3519
ec109113
MH		 3520 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3521 cp->hash, cp->randomizer);
3522 if (err < 0)
3523 status = MGMT_STATUS_FAILED;
3524 else
3525 status = MGMT_STATUS_SUCCESS;
3526
3527 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3528 status, &cp->addr, sizeof(cp->addr));
3529 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3530 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3531 u8 status;
3532
3533 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3534 cp->hash192,
3535 cp->randomizer192,
3536 cp->hash256,
3537 cp->randomizer256);
3538 if (err < 0)
3539 status = MGMT_STATUS_FAILED;
3540 else
3541 status = MGMT_STATUS_SUCCESS;
3542
3543 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3544 status, &cp->addr, sizeof(cp->addr));
3545 } else {
3546 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3547 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3548 MGMT_STATUS_INVALID_PARAMS);
3549 }
2763eda6 3550
09fd0de5 3551 hci_dev_unlock(hdev);
2763eda6
SJ		 3552 return err;
3553}
3554
bdb6d971 3555static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3556 void *data, u16 len)
2763eda6 3557{
650f726d 3558 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3559 u8 status;
2763eda6
SJ		 3560 int err;
3561
bdb6d971 3562 BT_DBG("%s", hdev->name);
2763eda6 3563
09fd0de5 3564 hci_dev_lock(hdev);
2763eda6 3565
664ce4cc 3566 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3567 if (err < 0)
bf1e3541 3568 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3569 else
a6785be2 3570 status = MGMT_STATUS_SUCCESS;
bf1e3541 3571
bdb6d971 3572 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3573 status, &cp->addr, sizeof(cp->addr));
2763eda6 3574
09fd0de5 3575 hci_dev_unlock(hdev);
2763eda6
SJ		 3576 return err;
3577}
3578
41dc2bd6
AG		 3579static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3580{
3581 struct pending_cmd *cmd;
3582 u8 type;
3583 int err;
3584
3585 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3586
3587 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3588 if (!cmd)
3589 return -ENOENT;
3590
3591 type = hdev->discovery.type;
3592
3593 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3594 &type, sizeof(type));
3595 mgmt_pending_remove(cmd);
3596
3597 return err;
3598}
3599
7c307720
AG		 3600static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3601{
ae55f598
LR		 3602 unsigned long timeout = 0;
3603
7c307720
AG		 3604 BT_DBG("status %d", status);
3605
3606 if (status) {
3607 hci_dev_lock(hdev);
3608 mgmt_start_discovery_failed(hdev, status);
3609 hci_dev_unlock(hdev);
3610 return;
3611 }
3612
3613 hci_dev_lock(hdev);
3614 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3615 hci_dev_unlock(hdev);
3616
3617 switch (hdev->discovery.type) {
3618 case DISCOV_TYPE_LE:
3d5a76f0 3619 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3620 break;
3621
3622 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3623 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3624 break;
3625
3626 case DISCOV_TYPE_BREDR:
3627 break;
3628
3629 default:
3630 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3631 }
ae55f598
LR		 3632
3633 if (!timeout)
3634 return;
3635
3636 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3637}
3638
bdb6d971 3639static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3640 void *data, u16 len)
14a53664 3641{
650f726d 3642 struct mgmt_cp_start_discovery *cp = data;
14a53664 3643 struct pending_cmd *cmd;
7c307720
AG		 3644 struct hci_cp_le_set_scan_param param_cp;
3645 struct hci_cp_le_set_scan_enable enable_cp;
3646 struct hci_cp_inquiry inq_cp;
3647 struct hci_request req;
3648 /* General inquiry access code (GIAC) */
3649 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3650 u8 status, own_addr_type;
14a53664
JH		 3651 int err;
3652
bdb6d971 3653 BT_DBG("%s", hdev->name);
14a53664 3654
09fd0de5 3655 hci_dev_lock(hdev);
14a53664 3656
4b34ee78 3657 if (!hdev_is_powered(hdev)) {
bdb6d971 3658 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3659 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3660 goto failed;
3661 }
3662
642be6c7
AG		 3663 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3664 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3665 MGMT_STATUS_BUSY);
3666 goto failed;
3667 }
3668
ff9ef578 3669 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3670 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3671 MGMT_STATUS_BUSY);
ff9ef578
JH		 3672 goto failed;
3673 }
3674
2e58ef3e 3675 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3676 if (!cmd) {
3677 err = -ENOMEM;
3678 goto failed;
3679 }
3680
4aab14e5
AG		 3681 hdev->discovery.type = cp->type;
3682
7c307720
AG		 3683 hci_req_init(&req, hdev);
3684
4aab14e5 3685 switch (hdev->discovery.type) {
f39799f5 3686 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3687 status = mgmt_bredr_support(hdev);
3688 if (status) {
04106755 3689 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3690 status);
04106755
JH		 3691 mgmt_pending_remove(cmd);
3692 goto failed;
3693 }
3694
7c307720
AG		 3695 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3696 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3697 MGMT_STATUS_BUSY);
3698 mgmt_pending_remove(cmd);
3699 goto failed;
3700 }
3701
3702 hci_inquiry_cache_flush(hdev);
3703
3704 memset(&inq_cp, 0, sizeof(inq_cp));
3705 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3706 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3707 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3708 break;
3709
3710 case DISCOV_TYPE_LE:
7c307720 3711 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3712 status = mgmt_le_support(hdev);
3713 if (status) {
04106755 3714 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3715 status);
04106755
JH		 3716 mgmt_pending_remove(cmd);
3717 goto failed;
3718 }
3719
7c307720 3720 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3721 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3722 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3723 MGMT_STATUS_NOT_SUPPORTED);
3724 mgmt_pending_remove(cmd);
3725 goto failed;
3726 }
3727
f3d3444a 3728 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3729 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3730 MGMT_STATUS_REJECTED);
3731 mgmt_pending_remove(cmd);
3732 goto failed;
3733 }
3734
c54c3860
AG		 3735 /* If controller is scanning, it means the background scanning
3736 * is running. Thus, we should temporarily stop it in order to
3737 * set the discovery scanning parameters.
3738 */
3739 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3740 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3741
3742 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3743
94b1fc92
MH		 3744 /* All active scans will be done with either a resolvable
3745 * private address (when privacy feature has been enabled)
3746 * or unresolvable private address.
3747 */
3748 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3749 if (err < 0) {
3750 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3751 MGMT_STATUS_FAILED);
3752 mgmt_pending_remove(cmd);
3753 goto failed;
3754 }
3755
7c307720 3756 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3757 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3758 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3759 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3760 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3761 &param_cp);
3762
3763 memset(&enable_cp, 0, sizeof(enable_cp));
3764 enable_cp.enable = LE_SCAN_ENABLE;
3765 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3766 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3767 &enable_cp);
5e0452c0
AG		 3768 break;
3769
f39799f5 3770 default:
04106755
JH		 3771 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3772 MGMT_STATUS_INVALID_PARAMS);
3773 mgmt_pending_remove(cmd);
3774 goto failed;
f39799f5 3775 }
3fd24153 3776
7c307720 3777 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3778 if (err < 0)
3779 mgmt_pending_remove(cmd);
ff9ef578
JH		 3780 else
3781 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3782
3783failed:
09fd0de5 3784 hci_dev_unlock(hdev);
14a53664
JH		 3785 return err;
3786}
3787
1183fdca
AG		 3788static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3789{
3790 struct pending_cmd *cmd;
3791 int err;
3792
3793 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3794 if (!cmd)
3795 return -ENOENT;
3796
3797 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3798 &hdev->discovery.type, sizeof(hdev->discovery.type));
3799 mgmt_pending_remove(cmd);
3800
3801 return err;
3802}
3803
0e05bba6
AG		 3804static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3805{
3806 BT_DBG("status %d", status);
3807
3808 hci_dev_lock(hdev);
3809
3810 if (status) {
3811 mgmt_stop_discovery_failed(hdev, status);
3812 goto unlock;
3813 }
3814
3815 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3816
3817unlock:
3818 hci_dev_unlock(hdev);
3819}
3820
bdb6d971 3821static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3822 u16 len)
14a53664 3823{
d930650b 3824 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3825 struct pending_cmd *cmd;
0e05bba6 3826 struct hci_request req;
14a53664
JH		 3827 int err;
3828
bdb6d971 3829 BT_DBG("%s", hdev->name);
14a53664 3830
09fd0de5 3831 hci_dev_lock(hdev);
14a53664 3832
30dc78e1 3833 if (!hci_discovery_active(hdev)) {
bdb6d971 3834 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3835 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3836 sizeof(mgmt_cp->type));
d930650b
JH		 3837 goto unlock;
3838 }
3839
3840 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3841 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3842 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3843 sizeof(mgmt_cp->type));
30dc78e1 3844 goto unlock;
ff9ef578
JH		 3845 }
3846
2e58ef3e 3847 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3848 if (!cmd) {
3849 err = -ENOMEM;
30dc78e1
JH		 3850 goto unlock;
3851 }
3852
0e05bba6
AG		 3853 hci_req_init(&req, hdev);
3854
21a60d30 3855 hci_stop_discovery(&req);
e0d9727e 3856
21a60d30
JH		 3857 err = hci_req_run(&req, stop_discovery_complete);
3858 if (!err) {
3859 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3860 goto unlock;
14a53664
JH		 3861 }
3862
21a60d30
JH		 3863 mgmt_pending_remove(cmd);
3864
3865 /* If no HCI commands were sent we're done */
3866 if (err == -ENODATA) {
3867 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3868 &mgmt_cp->type, sizeof(mgmt_cp->type));
3869 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3870 }
14a53664 3871
30dc78e1 3872unlock:
09fd0de5 3873 hci_dev_unlock(hdev);
14a53664
JH		 3874 return err;
3875}
3876
bdb6d971 3877static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3878 u16 len)
561aafbc 3879{
650f726d 3880 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3881 struct inquiry_entry *e;
561aafbc
JH		 3882 int err;
3883
bdb6d971 3884 BT_DBG("%s", hdev->name);
561aafbc 3885
561aafbc
JH		 3886 hci_dev_lock(hdev);
3887
30dc78e1 3888 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3889 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3890 MGMT_STATUS_FAILED, &cp->addr,
3891 sizeof(cp->addr));
30dc78e1
JH		 3892 goto failed;
3893 }
3894
a198e7b1 3895 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3896 if (!e) {
d3a2541d
LR		 3897 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3898 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3899 sizeof(cp->addr));
561aafbc
JH		 3900 goto failed;
3901 }
3902
3903 if (cp->name_known) {
3904 e->name_state = NAME_KNOWN;
3905 list_del(&e->list);
3906 } else {
3907 e->name_state = NAME_NEEDED;
a3d4e20a 3908 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3909 }
3910
e384662b
JH		 3911 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3912 sizeof(cp->addr));
561aafbc
JH		 3913
3914failed:
3915 hci_dev_unlock(hdev);
561aafbc
JH		 3916 return err;
3917}
3918
bdb6d971 3919static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3920 u16 len)
7fbec224 3921{
650f726d 3922 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3923 u8 status;
7fbec224
AJ		 3924 int err;
3925
bdb6d971 3926 BT_DBG("%s", hdev->name);
7fbec224 3927
4ee71b20 3928 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3929 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3930 MGMT_STATUS_INVALID_PARAMS,
3931 &cp->addr, sizeof(cp->addr));
4ee71b20 3932
09fd0de5 3933 hci_dev_lock(hdev);
5e762444 3934
88c1fe4b 3935 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3936 if (err < 0) {
f0eeea8b 3937 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3938 goto done;
3939 }
3940
3941 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3942 sk);
3943 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3944
2a8357f2 3945done:
bdb6d971 3946 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3947 &cp->addr, sizeof(cp->addr));
5e762444 3948
09fd0de5 3949 hci_dev_unlock(hdev);
7fbec224
AJ		 3950
3951 return err;
3952}
3953
bdb6d971 3954static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3955 u16 len)
7fbec224 3956{
650f726d 3957 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3958 u8 status;
7fbec224
AJ		 3959 int err;
3960
bdb6d971 3961 BT_DBG("%s", hdev->name);
7fbec224 3962
4ee71b20 3963 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3964 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3965 MGMT_STATUS_INVALID_PARAMS,
3966 &cp->addr, sizeof(cp->addr));
4ee71b20 3967
09fd0de5 3968 hci_dev_lock(hdev);
5e762444 3969
88c1fe4b 3970 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3971 if (err < 0) {
f0eeea8b 3972 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3973 goto done;
3974 }
3975
3976 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3977 sk);
3978 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3979
2a8357f2 3980done:
bdb6d971 3981 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3982 &cp->addr, sizeof(cp->addr));
5e762444 3983
09fd0de5 3984 hci_dev_unlock(hdev);
7fbec224
AJ		 3985
3986 return err;
3987}
3988
cdbaccca
MH		 3989static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3990 u16 len)
3991{
3992 struct mgmt_cp_set_device_id *cp = data;
890ea898 3993 struct hci_request req;
cdbaccca 3994 int err;
c72d4b8a 3995 __u16 source;
cdbaccca
MH		 3996
3997 BT_DBG("%s", hdev->name);
3998
c72d4b8a
SJ		 3999 source = __le16_to_cpu(cp->source);
4000
4001 if (source > 0x0002)
4002 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4003 MGMT_STATUS_INVALID_PARAMS);
4004
cdbaccca
MH		 4005 hci_dev_lock(hdev);
4006
c72d4b8a 4007 hdev->devid_source = source;
cdbaccca
MH		 4008 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4009 hdev->devid_product = __le16_to_cpu(cp->product);
4010 hdev->devid_version = __le16_to_cpu(cp->version);
4011
4012 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4013
890ea898
JH		 4014 hci_req_init(&req, hdev);
4015 update_eir(&req);
4016 hci_req_run(&req, NULL);
cdbaccca
MH		 4017
4018 hci_dev_unlock(hdev);
4019
4020 return err;
4021}
4022
4375f103
JH		 4023static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4024{
4025 struct cmd_lookup match = { NULL, hdev };
4026
4027 if (status) {
4028 u8 mgmt_err = mgmt_status(status);
4029
4030 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4031 cmd_status_rsp, &mgmt_err);
4032 return;
4033 }
4034
4035 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4036 &match);
4037
4038 new_settings(hdev, match.sk);
4039
4040 if (match.sk)
4041 sock_put(match.sk);
4042}
4043
21b5187f
MH		 4044static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4045 u16 len)
4375f103
JH		 4046{
4047 struct mgmt_mode *cp = data;
4048 struct pending_cmd *cmd;
4049 struct hci_request req;
e6fe7986 4050 u8 val, enabled, status;
4375f103
JH		 4051 int err;
4052
4053 BT_DBG("request for %s", hdev->name);
4054
e6fe7986
JH		 4055 status = mgmt_le_support(hdev);
4056 if (status)
4375f103 4057 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4058 status);
4375f103
JH		 4059
4060 if (cp->val != 0x00 && cp->val != 0x01)
4061 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4062 MGMT_STATUS_INVALID_PARAMS);
4063
4064 hci_dev_lock(hdev);
4065
4066 val = !!cp->val;
f3d3444a 4067 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4068
f74ca9b8
JH		 4069 /* The following conditions are ones which mean that we should
4070 * not do any HCI communication but directly send a mgmt
4071 * response to user space (after toggling the flag if
4072 * necessary).
4073 */
4074 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 4075 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 4076 bool changed = false;
4077
f3d3444a
JH		 4078 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4079 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4080 changed = true;
4081 }
4082
4083 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4084 if (err < 0)
4085 goto unlock;
4086
4087 if (changed)
4088 err = new_settings(hdev, sk);
4089
4090 goto unlock;
4091 }
4092
4093 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4094 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4095 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4096 MGMT_STATUS_BUSY);
4097 goto unlock;
4098 }
4099
4100 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4101 if (!cmd) {
4102 err = -ENOMEM;
4103 goto unlock;
4104 }
4105
4106 hci_req_init(&req, hdev);
4107
bba3aa55
MH		 4108 if (val)
4109 enable_advertising(&req);
4110 else
4111 disable_advertising(&req);
4375f103
JH		 4112
4113 err = hci_req_run(&req, set_advertising_complete);
4114 if (err < 0)
4115 mgmt_pending_remove(cmd);
4116
4117unlock:
4118 hci_dev_unlock(hdev);
4119 return err;
4120}
4121
d13eafce
MH		 4122static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4123 void *data, u16 len)
4124{
4125 struct mgmt_cp_set_static_address *cp = data;
4126 int err;
4127
4128 BT_DBG("%s", hdev->name);
4129
62af4443 4130 if (!lmp_le_capable(hdev))
d13eafce 4131 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4132 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4133
4134 if (hdev_is_powered(hdev))
4135 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4136 MGMT_STATUS_REJECTED);
4137
4138 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4139 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4140 return cmd_status(sk, hdev->id,
4141 MGMT_OP_SET_STATIC_ADDRESS,
4142 MGMT_STATUS_INVALID_PARAMS);
4143
4144 /* Two most significant bits shall be set */
4145 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4146 return cmd_status(sk, hdev->id,
4147 MGMT_OP_SET_STATIC_ADDRESS,
4148 MGMT_STATUS_INVALID_PARAMS);
4149 }
4150
4151 hci_dev_lock(hdev);
4152
4153 bacpy(&hdev->static_addr, &cp->bdaddr);
4154
4155 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4156
4157 hci_dev_unlock(hdev);
4158
4159 return err;
4160}
4161
14b49b9a
MH		 4162static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4163 void *data, u16 len)
4164{
4165 struct mgmt_cp_set_scan_params *cp = data;
4166 __u16 interval, window;
4167 int err;
4168
4169 BT_DBG("%s", hdev->name);
4170
4171 if (!lmp_le_capable(hdev))
4172 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4173 MGMT_STATUS_NOT_SUPPORTED);
4174
4175 interval = __le16_to_cpu(cp->interval);
4176
4177 if (interval < 0x0004 || interval > 0x4000)
4178 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4179 MGMT_STATUS_INVALID_PARAMS);
4180
4181 window = __le16_to_cpu(cp->window);
4182
4183 if (window < 0x0004 || window > 0x4000)
4184 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4185 MGMT_STATUS_INVALID_PARAMS);
4186
899e1075
MH		 4187 if (window > interval)
4188 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4189 MGMT_STATUS_INVALID_PARAMS);
4190
14b49b9a
MH		 4191 hci_dev_lock(hdev);
4192
4193 hdev->le_scan_interval = interval;
4194 hdev->le_scan_window = window;
4195
4196 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4197
dd2ef8e2
AG		 4198 /* If background scan is running, restart it so new parameters are
4199 * loaded.
4200 */
4201 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4202 hdev->discovery.state == DISCOVERY_STOPPED) {
4203 struct hci_request req;
4204
4205 hci_req_init(&req, hdev);
4206
4207 hci_req_add_le_scan_disable(&req);
4208 hci_req_add_le_passive_scan(&req);
4209
4210 hci_req_run(&req, NULL);
4211 }
4212
14b49b9a
MH		 4213 hci_dev_unlock(hdev);
4214
4215 return err;
4216}
4217
33e38b3e
JH		 4218static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4219{
4220 struct pending_cmd *cmd;
4221
4222 BT_DBG("status 0x%02x", status);
4223
4224 hci_dev_lock(hdev);
4225
4226 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4227 if (!cmd)
4228 goto unlock;
4229
4230 if (status) {
4231 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4232 mgmt_status(status));
4233 } else {
1a4d3c4b
JH		 4234 struct mgmt_mode *cp = cmd->param;
4235
4236 if (cp->val)
4237 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4238 else
4239 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4240
33e38b3e
JH		 4241 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4242 new_settings(hdev, cmd->sk);
4243 }
4244
4245 mgmt_pending_remove(cmd);
4246
4247unlock:
4248 hci_dev_unlock(hdev);
4249}
4250
bdb6d971 4251static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4252 void *data, u16 len)
f6422ec6 4253{
650f726d 4254 struct mgmt_mode *cp = data;
33e38b3e
JH		 4255 struct pending_cmd *cmd;
4256 struct hci_request req;
f6422ec6
AJ		 4257 int err;
4258
bdb6d971 4259 BT_DBG("%s", hdev->name);
f6422ec6 4260
56f87901
JH		 4261 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4262 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4263 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4264 MGMT_STATUS_NOT_SUPPORTED);
4265
a7e80f25
JH		 4266 if (cp->val != 0x00 && cp->val != 0x01)
4267 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4268 MGMT_STATUS_INVALID_PARAMS);
4269
5400c044 4270 if (!hdev_is_powered(hdev))
bdb6d971 4271 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4272 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4273
4274 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4275 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4276 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4277
4278 hci_dev_lock(hdev);
4279
05cbf29f
JH		 4280 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4281 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4282 MGMT_STATUS_BUSY);
4283 goto unlock;
4284 }
4285
1a4d3c4b
JH		 4286 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4287 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4288 hdev);
4289 goto unlock;
4290 }
4291
33e38b3e
JH		 4292 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4293 data, len);
4294 if (!cmd) {
4295 err = -ENOMEM;
4296 goto unlock;
f6422ec6
AJ		 4297 }
4298
33e38b3e
JH		 4299 hci_req_init(&req, hdev);
4300
406d7804 4301 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4302
4303 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4304 if (err < 0) {
bdb6d971 4305 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4306 MGMT_STATUS_FAILED);
33e38b3e 4307 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4308 }
4309
33e38b3e 4310unlock:
f6422ec6 4311 hci_dev_unlock(hdev);
33e38b3e 4312
f6422ec6
AJ		 4313 return err;
4314}
4315
67e5a7a3
JH		 4316static void set_bredr_scan(struct hci_request *req)
4317{
4318 struct hci_dev *hdev = req->hdev;
4319 u8 scan = 0;
4320
4321 /* Ensure that fast connectable is disabled. This function will
4322 * not do anything if the page scan parameters are already what
4323 * they should be.
4324 */
4325 write_fast_connectable(req, false);
4326
4327 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4328 scan |= SCAN_PAGE;
4329 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4330 scan |= SCAN_INQUIRY;
4331
4332 if (scan)
4333 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4334}
4335
0663ca2a
JH		 4336static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4337{
4338 struct pending_cmd *cmd;
4339
4340 BT_DBG("status 0x%02x", status);
4341
4342 hci_dev_lock(hdev);
4343
4344 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4345 if (!cmd)
4346 goto unlock;
4347
4348 if (status) {
4349 u8 mgmt_err = mgmt_status(status);
4350
4351 /* We need to restore the flag if related HCI commands
4352 * failed.
4353 */
4354 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4355
4356 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4357 } else {
4358 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4359 new_settings(hdev, cmd->sk);
4360 }
4361
4362 mgmt_pending_remove(cmd);
4363
4364unlock:
4365 hci_dev_unlock(hdev);
4366}
4367
4368static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4369{
4370 struct mgmt_mode *cp = data;
4371 struct pending_cmd *cmd;
4372 struct hci_request req;
4373 int err;
4374
4375 BT_DBG("request for %s", hdev->name);
4376
4377 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4378 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4379 MGMT_STATUS_NOT_SUPPORTED);
4380
4381 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4382 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4383 MGMT_STATUS_REJECTED);
4384
4385 if (cp->val != 0x00 && cp->val != 0x01)
4386 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4387 MGMT_STATUS_INVALID_PARAMS);
4388
4389 hci_dev_lock(hdev);
4390
4391 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4392 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4393 goto unlock;
4394 }
4395
4396 if (!hdev_is_powered(hdev)) {
4397 if (!cp->val) {
0663ca2a
JH		 4398 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4399 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4400 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4401 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4402 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4403 }
4404
4405 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4406
4407 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4408 if (err < 0)
4409 goto unlock;
4410
4411 err = new_settings(hdev, sk);
4412 goto unlock;
4413 }
4414
4415 /* Reject disabling when powered on */
4416 if (!cp->val) {
4417 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4418 MGMT_STATUS_REJECTED);
4419 goto unlock;
4420 }
4421
4422 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4423 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4424 MGMT_STATUS_BUSY);
4425 goto unlock;
4426 }
4427
4428 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4429 if (!cmd) {
4430 err = -ENOMEM;
4431 goto unlock;
4432 }
4433
5947f4bc 4434 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4435 * generates the correct flags.
4436 */
4437 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4438
4439 hci_req_init(&req, hdev);
aa8af46e
JH		 4440
4441 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4442 set_bredr_scan(&req);
4443
f14d8f64
MH		 4444 /* Since only the advertising data flags will change, there
4445 * is no need to update the scan response data.
4446 */
5947f4bc 4447 update_adv_data(&req);
aa8af46e 4448
0663ca2a
JH		 4449 err = hci_req_run(&req, set_bredr_complete);
4450 if (err < 0)
4451 mgmt_pending_remove(cmd);
4452
4453unlock:
4454 hci_dev_unlock(hdev);
4455 return err;
4456}
4457
eac83dc6
MH		 4458static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4459 void *data, u16 len)
4460{
4461 struct mgmt_mode *cp = data;
4462 struct pending_cmd *cmd;
0ab04a9c 4463 u8 val, status;
eac83dc6
MH		 4464 int err;
4465
4466 BT_DBG("request for %s", hdev->name);
4467
4468 status = mgmt_bredr_support(hdev);
4469 if (status)
4470 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4471 status);
4472
5afeac14 4473 if (!lmp_sc_capable(hdev) &&
111902f7 4474 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4475 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4476 MGMT_STATUS_NOT_SUPPORTED);
4477
0ab04a9c 4478 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4479 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4480 MGMT_STATUS_INVALID_PARAMS);
4481
4482 hci_dev_lock(hdev);
4483
4484 if (!hdev_is_powered(hdev)) {
4485 bool changed;
4486
0ab04a9c 4487 if (cp->val) {
eac83dc6
MH		 4488 changed = !test_and_set_bit(HCI_SC_ENABLED,
4489 &hdev->dev_flags);
0ab04a9c
MH		 4490 if (cp->val == 0x02)
4491 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4492 else
4493 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4494 } else {
eac83dc6
MH		 4495 changed = test_and_clear_bit(HCI_SC_ENABLED,
4496 &hdev->dev_flags);
0ab04a9c
MH		 4497 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4498 }
eac83dc6
MH		 4499
4500 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4501 if (err < 0)
4502 goto failed;
4503
4504 if (changed)
4505 err = new_settings(hdev, sk);
4506
4507 goto failed;
4508 }
4509
4510 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4511 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4512 MGMT_STATUS_BUSY);
4513 goto failed;
4514 }
4515
0ab04a9c
MH		 4516 val = !!cp->val;
4517
4518 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4519 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4520 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4521 goto failed;
4522 }
4523
4524 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4525 if (!cmd) {
4526 err = -ENOMEM;
4527 goto failed;
4528 }
4529
0ab04a9c 4530 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4531 if (err < 0) {
4532 mgmt_pending_remove(cmd);
4533 goto failed;
4534 }
4535
0ab04a9c
MH		 4536 if (cp->val == 0x02)
4537 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4538 else
4539 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4540
eac83dc6
MH		 4541failed:
4542 hci_dev_unlock(hdev);
4543 return err;
4544}
4545
4e39ac81
MH		 4546static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4547 void *data, u16 len)
4548{
4549 struct mgmt_mode *cp = data;
b9710979 4550 bool changed, use_changed;
4e39ac81
MH		 4551 int err;
4552
4553 BT_DBG("request for %s", hdev->name);
4554
b9710979 4555 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4556 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4557 MGMT_STATUS_INVALID_PARAMS);
4558
4559 hci_dev_lock(hdev);
4560
4561 if (cp->val)
0663b297
JH		 4562 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4563 &hdev->dev_flags);
4e39ac81 4564 else
0663b297
JH		 4565 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4566 &hdev->dev_flags);
4e39ac81 4567
b9710979
JH		 4568 if (cp->val == 0x02)
4569 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4570 &hdev->dev_flags);
4571 else
4572 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4573 &hdev->dev_flags);
4574
4575 if (hdev_is_powered(hdev) && use_changed &&
4576 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4577 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4578 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4579 sizeof(mode), &mode);
4580 }
4581
4e39ac81
MH		 4582 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4583 if (err < 0)
4584 goto unlock;
4585
4586 if (changed)
4587 err = new_settings(hdev, sk);
4588
4589unlock:
4590 hci_dev_unlock(hdev);
4591 return err;
4592}
4593
62b04cd1
JH		 4594static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4595 u16 len)
4596{
4597 struct mgmt_cp_set_privacy *cp = cp_data;
4598 bool changed;
4599 int err;
4600
4601 BT_DBG("request for %s", hdev->name);
4602
4603 if (!lmp_le_capable(hdev))
4604 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4605 MGMT_STATUS_NOT_SUPPORTED);
4606
4607 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4608 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4609 MGMT_STATUS_INVALID_PARAMS);
4610
4611 if (hdev_is_powered(hdev))
4612 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4613 MGMT_STATUS_REJECTED);
4614
4615 hci_dev_lock(hdev);
4616
c21c0ea0
JH		 4617 /* If user space supports this command it is also expected to
4618 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4619 */
4620 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4621
62b04cd1
JH		 4622 if (cp->privacy) {
4623 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4624 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4625 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4626 } else {
4627 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4628 memset(hdev->irk, 0, sizeof(hdev->irk));
4629 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4630 }
4631
4632 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4633 if (err < 0)
4634 goto unlock;
4635
4636 if (changed)
4637 err = new_settings(hdev, sk);
4638
4639unlock:
4640 hci_dev_unlock(hdev);
4641 return err;
4642}
4643
41edf160
JH		 4644static bool irk_is_valid(struct mgmt_irk_info *irk)
4645{
4646 switch (irk->addr.type) {
4647 case BDADDR_LE_PUBLIC:
4648 return true;
4649
4650 case BDADDR_LE_RANDOM:
4651 /* Two most significant bits shall be set */
4652 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4653 return false;
4654 return true;
4655 }
4656
4657 return false;
4658}
4659
4660static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4661 u16 len)
4662{
4663 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4664 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4665 sizeof(struct mgmt_irk_info));
41edf160
JH		 4666 u16 irk_count, expected_len;
4667 int i, err;
4668
4669 BT_DBG("request for %s", hdev->name);
4670
4671 if (!lmp_le_capable(hdev))
4672 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4673 MGMT_STATUS_NOT_SUPPORTED);
4674
4675 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4676 if (irk_count > max_irk_count) {
4677 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4678 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4679 MGMT_STATUS_INVALID_PARAMS);
4680 }
41edf160
JH		 4681
4682 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4683 if (expected_len != len) {
4684 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4685 expected_len, len);
41edf160
JH		 4686 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4687 MGMT_STATUS_INVALID_PARAMS);
4688 }
4689
4690 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4691
4692 for (i = 0; i < irk_count; i++) {
4693 struct mgmt_irk_info *key = &cp->irks[i];
4694
4695 if (!irk_is_valid(key))
4696 return cmd_status(sk, hdev->id,
4697 MGMT_OP_LOAD_IRKS,
4698 MGMT_STATUS_INVALID_PARAMS);
4699 }
4700
4701 hci_dev_lock(hdev);
4702
4703 hci_smp_irks_clear(hdev);
4704
4705 for (i = 0; i < irk_count; i++) {
4706 struct mgmt_irk_info *irk = &cp->irks[i];
4707 u8 addr_type;
4708
4709 if (irk->addr.type == BDADDR_LE_PUBLIC)
4710 addr_type = ADDR_LE_DEV_PUBLIC;
4711 else
4712 addr_type = ADDR_LE_DEV_RANDOM;
4713
4714 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4715 BDADDR_ANY);
4716 }
4717
4718 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4719
4720 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4721
4722 hci_dev_unlock(hdev);
4723
4724 return err;
4725}
4726
3f706b72
JH		 4727static bool ltk_is_valid(struct mgmt_ltk_info *key)
4728{
4729 if (key->master != 0x00 && key->master != 0x01)
4730 return false;
490cb0b3
MH		 4731
4732 switch (key->addr.type) {
4733 case BDADDR_LE_PUBLIC:
4734 return true;
4735
4736 case BDADDR_LE_RANDOM:
4737 /* Two most significant bits shall be set */
4738 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4739 return false;
4740 return true;
4741 }
4742
4743 return false;
3f706b72
JH		 4744}
4745
bdb6d971 4746static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4747 void *cp_data, u16 len)
346af67b 4748{
346af67b 4749 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4750 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4751 sizeof(struct mgmt_ltk_info));
346af67b 4752 u16 key_count, expected_len;
715a5bf2 4753 int i, err;
346af67b 4754
cf99ba13
MH		 4755 BT_DBG("request for %s", hdev->name);
4756
4757 if (!lmp_le_capable(hdev))
4758 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4759 MGMT_STATUS_NOT_SUPPORTED);
4760
1f350c87 4761 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4762 if (key_count > max_key_count) {
4763 BT_ERR("load_ltks: too big key_count value %u", key_count);
4764 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4765 MGMT_STATUS_INVALID_PARAMS);
4766 }
346af67b
VCG		 4767
4768 expected_len = sizeof(*cp) + key_count *
4769 sizeof(struct mgmt_ltk_info);
4770 if (expected_len != len) {
4771 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4772 expected_len, len);
bdb6d971 4773 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4774 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4775 }
4776
bdb6d971 4777 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4778
54ad6d8a
JH		 4779 for (i = 0; i < key_count; i++) {
4780 struct mgmt_ltk_info *key = &cp->keys[i];
4781
3f706b72 4782 if (!ltk_is_valid(key))
54ad6d8a
JH		 4783 return cmd_status(sk, hdev->id,
4784 MGMT_OP_LOAD_LONG_TERM_KEYS,
4785 MGMT_STATUS_INVALID_PARAMS);
4786 }
4787
346af67b
VCG		 4788 hci_dev_lock(hdev);
4789
4790 hci_smp_ltks_clear(hdev);
4791
4792 for (i = 0; i < key_count; i++) {
4793 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4794 u8 type, addr_type, authenticated;
79d95a19
MH		 4795
4796 if (key->addr.type == BDADDR_LE_PUBLIC)
4797 addr_type = ADDR_LE_DEV_PUBLIC;
4798 else
4799 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4800
4801 if (key->master)
2ceba539 4802 type = SMP_LTK;
346af67b 4803 else
2ceba539 4804 type = SMP_LTK_SLAVE;
346af67b 4805
61b43357
JH		 4806 switch (key->type) {
4807 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4808 authenticated = 0x00;
61b43357
JH		 4809 break;
4810 case MGMT_LTK_AUTHENTICATED:
d7b25450 4811 authenticated = 0x01;
61b43357
JH		 4812 break;
4813 default:
4814 continue;
4815 }
d7b25450 4816
35d70271 4817 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4818 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4819 key->rand);
346af67b
VCG		 4820 }
4821
715a5bf2
JH		 4822 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4823 NULL, 0);
4824
346af67b 4825 hci_dev_unlock(hdev);
346af67b 4826
715a5bf2 4827 return err;
346af67b
VCG		 4828}
4829
dd983808
AK		 4830struct cmd_conn_lookup {
4831 struct hci_conn *conn;
4832 bool valid_tx_power;
4833 u8 mgmt_status;
4834};
4835
4836static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4837{
4838 struct cmd_conn_lookup *match = data;
4839 struct mgmt_cp_get_conn_info *cp;
4840 struct mgmt_rp_get_conn_info rp;
4841 struct hci_conn *conn = cmd->user_data;
4842
4843 if (conn != match->conn)
4844 return;
4845
4846 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4847
4848 memset(&rp, 0, sizeof(rp));
4849 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4850 rp.addr.type = cp->addr.type;
4851
4852 if (!match->mgmt_status) {
4853 rp.rssi = conn->rssi;
4854
eed5daf3 4855 if (match->valid_tx_power) {
dd983808 4856 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4857 rp.max_tx_power = conn->max_tx_power;
4858 } else {
dd983808 4859 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4860 rp.max_tx_power = HCI_TX_POWER_INVALID;
4861 }
dd983808
AK		 4862 }
4863
4864 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4865 match->mgmt_status, &rp, sizeof(rp));
4866
4867 hci_conn_drop(conn);
4868
4869 mgmt_pending_remove(cmd);
4870}
4871
4872static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4873{
4874 struct hci_cp_read_rssi *cp;
4875 struct hci_conn *conn;
4876 struct cmd_conn_lookup match;
4877 u16 handle;
4878
4879 BT_DBG("status 0x%02x", status);
4880
4881 hci_dev_lock(hdev);
4882
4883 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4884 * otherwise we assume it's not valid. At the moment we assume that
4885 * either both or none of current and max values are valid to keep code
4886 * simple.
dd983808
AK		 4887 */
4888 match.valid_tx_power = !status;
4889
4890 /* Commands sent in request are either Read RSSI or Read Transmit Power
4891 * Level so we check which one was last sent to retrieve connection
4892 * handle. Both commands have handle as first parameter so it's safe to
4893 * cast data on the same command struct.
4894 *
4895 * First command sent is always Read RSSI and we fail only if it fails.
4896 * In other case we simply override error to indicate success as we
4897 * already remembered if TX power value is actually valid.
4898 */
4899 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4900 if (!cp) {
4901 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4902 status = 0;
4903 }
4904
4905 if (!cp) {
4906 BT_ERR("invalid sent_cmd in response");
4907 goto unlock;
4908 }
4909
4910 handle = __le16_to_cpu(cp->handle);
4911 conn = hci_conn_hash_lookup_handle(hdev, handle);
4912 if (!conn) {
4913 BT_ERR("unknown handle (%d) in response", handle);
4914 goto unlock;
4915 }
4916
4917 match.conn = conn;
4918 match.mgmt_status = mgmt_status(status);
4919
4920 /* Cache refresh is complete, now reply for mgmt request for given
4921 * connection only.
4922 */
4923 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4924 get_conn_info_complete, &match);
4925
4926unlock:
4927 hci_dev_unlock(hdev);
4928}
4929
4930static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4931 u16 len)
4932{
4933 struct mgmt_cp_get_conn_info *cp = data;
4934 struct mgmt_rp_get_conn_info rp;
4935 struct hci_conn *conn;
4936 unsigned long conn_info_age;
4937 int err = 0;
4938
4939 BT_DBG("%s", hdev->name);
4940
4941 memset(&rp, 0, sizeof(rp));
4942 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4943 rp.addr.type = cp->addr.type;
4944
4945 if (!bdaddr_type_is_valid(cp->addr.type))
4946 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4947 MGMT_STATUS_INVALID_PARAMS,
4948 &rp, sizeof(rp));
4949
4950 hci_dev_lock(hdev);
4951
4952 if (!hdev_is_powered(hdev)) {
4953 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4954 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4955 goto unlock;
4956 }
4957
4958 if (cp->addr.type == BDADDR_BREDR)
4959 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4960 &cp->addr.bdaddr);
4961 else
4962 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4963
4964 if (!conn || conn->state != BT_CONNECTED) {
4965 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4966 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4967 goto unlock;
4968 }
4969
4970 /* To avoid client trying to guess when to poll again for information we
4971 * calculate conn info age as random value between min/max set in hdev.
4972 */
4973 conn_info_age = hdev->conn_info_min_age +
4974 prandom_u32_max(hdev->conn_info_max_age -
4975 hdev->conn_info_min_age);
4976
4977 /* Query controller to refresh cached values if they are too old or were
4978 * never read.
4979 */
f4e2dd53
AK		 4980 if (time_after(jiffies, conn->conn_info_timestamp +
4981 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4982 !conn->conn_info_timestamp) {
4983 struct hci_request req;
4984 struct hci_cp_read_tx_power req_txp_cp;
4985 struct hci_cp_read_rssi req_rssi_cp;
4986 struct pending_cmd *cmd;
4987
4988 hci_req_init(&req, hdev);
4989 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4990 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4991 &req_rssi_cp);
4992
f7faab0c
AK		 4993 /* For LE links TX power does not change thus we don't need to
4994 * query for it once value is known.
4995 */
4996 if (!bdaddr_type_is_le(cp->addr.type) ||
4997 conn->tx_power == HCI_TX_POWER_INVALID) {
4998 req_txp_cp.handle = cpu_to_le16(conn->handle);
4999 req_txp_cp.type = 0x00;
5000 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5001 sizeof(req_txp_cp), &req_txp_cp);
5002 }
dd983808 5003
eed5daf3
AK		 5004 /* Max TX power needs to be read only once per connection */
5005 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5006 req_txp_cp.handle = cpu_to_le16(conn->handle);
5007 req_txp_cp.type = 0x01;
5008 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5009 sizeof(req_txp_cp), &req_txp_cp);
5010 }
5011
dd983808
AK		 5012 err = hci_req_run(&req, conn_info_refresh_complete);
5013 if (err < 0)
5014 goto unlock;
5015
5016 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5017 data, len);
5018 if (!cmd) {
5019 err = -ENOMEM;
5020 goto unlock;
5021 }
5022
5023 hci_conn_hold(conn);
5024 cmd->user_data = conn;
5025
5026 conn->conn_info_timestamp = jiffies;
5027 } else {
5028 /* Cache is valid, just reply with values cached in hci_conn */
5029 rp.rssi = conn->rssi;
5030 rp.tx_power = conn->tx_power;
eed5daf3 5031 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5032
5033 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5034 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5035 }
5036
5037unlock:
5038 hci_dev_unlock(hdev);
5039 return err;
5040}
5041
95868426
JH		 5042static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5043{
5044 struct mgmt_cp_get_clock_info *cp;
5045 struct mgmt_rp_get_clock_info rp;
5046 struct hci_cp_read_clock *hci_cp;
5047 struct pending_cmd *cmd;
5048 struct hci_conn *conn;
5049
5050 BT_DBG("%s status %u", hdev->name, status);
5051
5052 hci_dev_lock(hdev);
5053
5054 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5055 if (!hci_cp)
5056 goto unlock;
5057
5058 if (hci_cp->which) {
5059 u16 handle = __le16_to_cpu(hci_cp->handle);
5060 conn = hci_conn_hash_lookup_handle(hdev, handle);
5061 } else {
5062 conn = NULL;
5063 }
5064
5065 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5066 if (!cmd)
5067 goto unlock;
5068
5069 cp = cmd->param;
5070
5071 memset(&rp, 0, sizeof(rp));
5072 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5073
5074 if (status)
5075 goto send_rsp;
5076
5077 rp.local_clock = cpu_to_le32(hdev->clock);
5078
5079 if (conn) {
5080 rp.piconet_clock = cpu_to_le32(conn->clock);
5081 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5082 }
5083
5084send_rsp:
5085 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5086 &rp, sizeof(rp));
5087 mgmt_pending_remove(cmd);
5088 if (conn)
5089 hci_conn_drop(conn);
5090
5091unlock:
5092 hci_dev_unlock(hdev);
5093}
5094
5095static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5096 u16 len)
5097{
5098 struct mgmt_cp_get_clock_info *cp = data;
5099 struct mgmt_rp_get_clock_info rp;
5100 struct hci_cp_read_clock hci_cp;
5101 struct pending_cmd *cmd;
5102 struct hci_request req;
5103 struct hci_conn *conn;
5104 int err;
5105
5106 BT_DBG("%s", hdev->name);
5107
5108 memset(&rp, 0, sizeof(rp));
5109 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5110 rp.addr.type = cp->addr.type;
5111
5112 if (cp->addr.type != BDADDR_BREDR)
5113 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5114 MGMT_STATUS_INVALID_PARAMS,
5115 &rp, sizeof(rp));
5116
5117 hci_dev_lock(hdev);
5118
5119 if (!hdev_is_powered(hdev)) {
5120 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5121 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5122 goto unlock;
5123 }
5124
5125 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5126 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5127 &cp->addr.bdaddr);
5128 if (!conn || conn->state != BT_CONNECTED) {
5129 err = cmd_complete(sk, hdev->id,
5130 MGMT_OP_GET_CLOCK_INFO,
5131 MGMT_STATUS_NOT_CONNECTED,
5132 &rp, sizeof(rp));
5133 goto unlock;
5134 }
5135 } else {
5136 conn = NULL;
5137 }
5138
5139 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5140 if (!cmd) {
5141 err = -ENOMEM;
5142 goto unlock;
5143 }
5144
5145 hci_req_init(&req, hdev);
5146
5147 memset(&hci_cp, 0, sizeof(hci_cp));
5148 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5149
5150 if (conn) {
5151 hci_conn_hold(conn);
5152 cmd->user_data = conn;
5153
5154 hci_cp.handle = cpu_to_le16(conn->handle);
5155 hci_cp.which = 0x01; /* Piconet clock */
5156 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5157 }
5158
5159 err = hci_req_run(&req, get_clock_info_complete);
5160 if (err < 0)
5161 mgmt_pending_remove(cmd);
5162
5163unlock:
5164 hci_dev_unlock(hdev);
5165 return err;
5166}
5167
8afef092
MH		 5168static void device_added(struct sock *sk, struct hci_dev *hdev,
5169 bdaddr_t *bdaddr, u8 type, u8 action)
5170{
5171 struct mgmt_ev_device_added ev;
5172
5173 bacpy(&ev.addr.bdaddr, bdaddr);
5174 ev.addr.type = type;
5175 ev.action = action;
5176
5177 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5178}
5179
2faade53
MH		 5180static int add_device(struct sock *sk, struct hci_dev *hdev,
5181 void *data, u16 len)
5182{
5183 struct mgmt_cp_add_device *cp = data;
5184 u8 auto_conn, addr_type;
5185 int err;
5186
5187 BT_DBG("%s", hdev->name);
5188
5189 if (!bdaddr_type_is_le(cp->addr.type) ||
5190 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5191 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5192 MGMT_STATUS_INVALID_PARAMS,
5193 &cp->addr, sizeof(cp->addr));
5194
5195 if (cp->action != 0x00 && cp->action != 0x01)
5196 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5197 MGMT_STATUS_INVALID_PARAMS,
5198 &cp->addr, sizeof(cp->addr));
5199
5200 hci_dev_lock(hdev);
5201
5202 if (cp->addr.type == BDADDR_LE_PUBLIC)
5203 addr_type = ADDR_LE_DEV_PUBLIC;
5204 else
5205 addr_type = ADDR_LE_DEV_RANDOM;
5206
5207 if (cp->action)
5208 auto_conn = HCI_AUTO_CONN_ALWAYS;
5209 else
a3451d27 5210 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5211
bf5b3c8b
MH		 5212 /* If the connection parameters don't exist for this device,
5213 * they will be created and configured with defaults.
5214 */
d06b50ce
MH		 5215 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5216 auto_conn) < 0) {
2faade53
MH		 5217 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5218 MGMT_STATUS_FAILED,
5219 &cp->addr, sizeof(cp->addr));
5220 goto unlock;
5221 }
5222
8afef092
MH		 5223 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5224
2faade53
MH		 5225 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5226 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5227
5228unlock:
5229 hci_dev_unlock(hdev);
5230 return err;
5231}
5232
8afef092
MH		 5233static void device_removed(struct sock *sk, struct hci_dev *hdev,
5234 bdaddr_t *bdaddr, u8 type)
5235{
5236 struct mgmt_ev_device_removed ev;
5237
5238 bacpy(&ev.addr.bdaddr, bdaddr);
5239 ev.addr.type = type;
5240
5241 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5242}
5243
2faade53
MH		 5244static int remove_device(struct sock *sk, struct hci_dev *hdev,
5245 void *data, u16 len)
5246{
5247 struct mgmt_cp_remove_device *cp = data;
5248 int err;
5249
5250 BT_DBG("%s", hdev->name);
5251
5252 hci_dev_lock(hdev);
5253
5254 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5255 struct hci_conn_params *params;
2faade53
MH		 5256 u8 addr_type;
5257
5258 if (!bdaddr_type_is_le(cp->addr.type)) {
5259 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5260 MGMT_STATUS_INVALID_PARAMS,
5261 &cp->addr, sizeof(cp->addr));
5262 goto unlock;
5263 }
5264
5265 if (cp->addr.type == BDADDR_LE_PUBLIC)
5266 addr_type = ADDR_LE_DEV_PUBLIC;
5267 else
5268 addr_type = ADDR_LE_DEV_RANDOM;
5269
c71593dd
JH		 5270 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5271 addr_type);
5272 if (!params) {
5273 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5274 MGMT_STATUS_INVALID_PARAMS,
5275 &cp->addr, sizeof(cp->addr));
5276 goto unlock;
5277 }
5278
5279 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5280 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5281 MGMT_STATUS_INVALID_PARAMS,
5282 &cp->addr, sizeof(cp->addr));
5283 goto unlock;
5284 }
5285
d1dbf12e 5286 list_del(&params->action);
c71593dd
JH		 5287 list_del(&params->list);
5288 kfree(params);
95305baa 5289 hci_update_background_scan(hdev);
8afef092
MH		 5290
5291 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5292 } else {
19de0825
JH		 5293 struct hci_conn_params *p, *tmp;
5294
2faade53
MH		 5295 if (cp->addr.type) {
5296 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5297 MGMT_STATUS_INVALID_PARAMS,
5298 &cp->addr, sizeof(cp->addr));
5299 goto unlock;
5300 }
5301
19de0825
JH		 5302 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5303 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5304 continue;
5305 device_removed(sk, hdev, &p->addr, p->addr_type);
5306 list_del(&p->action);
5307 list_del(&p->list);
5308 kfree(p);
5309 }
5310
5311 BT_DBG("All LE connection parameters were removed");
5312
5313 hci_update_background_scan(hdev);
2faade53
MH		 5314 }
5315
5316 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5317 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5318
5319unlock:
5320 hci_dev_unlock(hdev);
5321 return err;
5322}
5323
a26f3dcf
JH		 5324static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5325 u16 len)
5326{
5327 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5328 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5329 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5330 u16 param_count, expected_len;
5331 int i;
5332
5333 if (!lmp_le_capable(hdev))
5334 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5335 MGMT_STATUS_NOT_SUPPORTED);
5336
5337 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5338 if (param_count > max_param_count) {
5339 BT_ERR("load_conn_param: too big param_count value %u",
5340 param_count);
5341 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5342 MGMT_STATUS_INVALID_PARAMS);
5343 }
a26f3dcf
JH		 5344
5345 expected_len = sizeof(*cp) + param_count *
5346 sizeof(struct mgmt_conn_param);
5347 if (expected_len != len) {
5348 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5349 expected_len, len);
5350 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5351 MGMT_STATUS_INVALID_PARAMS);
5352 }
5353
5354 BT_DBG("%s param_count %u", hdev->name, param_count);
5355
5356 hci_dev_lock(hdev);
5357
5358 hci_conn_params_clear_disabled(hdev);
5359
5360 for (i = 0; i < param_count; i++) {
5361 struct mgmt_conn_param *param = &cp->params[i];
5362 struct hci_conn_params *hci_param;
5363 u16 min, max, latency, timeout;
5364 u8 addr_type;
5365
5366 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5367 param->addr.type);
5368
5369 if (param->addr.type == BDADDR_LE_PUBLIC) {
5370 addr_type = ADDR_LE_DEV_PUBLIC;
5371 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5372 addr_type = ADDR_LE_DEV_RANDOM;
5373 } else {
5374 BT_ERR("Ignoring invalid connection parameters");
5375 continue;
5376 }
5377
5378 min = le16_to_cpu(param->min_interval);
5379 max = le16_to_cpu(param->max_interval);
5380 latency = le16_to_cpu(param->latency);
5381 timeout = le16_to_cpu(param->timeout);
5382
5383 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5384 min, max, latency, timeout);
5385
5386 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5387 BT_ERR("Ignoring invalid connection parameters");
5388 continue;
5389 }
5390
5391 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5392 addr_type);
5393 if (!hci_param) {
5394 BT_ERR("Failed to add connection parameters");
5395 continue;
5396 }
5397
5398 hci_param->conn_min_interval = min;
5399 hci_param->conn_max_interval = max;
5400 hci_param->conn_latency = latency;
5401 hci_param->supervision_timeout = timeout;
5402 }
5403
5404 hci_dev_unlock(hdev);
5405
5406 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5407}
5408
dbece37a
MH		 5409static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5410 void *data, u16 len)
5411{
5412 struct mgmt_cp_set_external_config *cp = data;
5413 bool changed;
5414 int err;
5415
5416 BT_DBG("%s", hdev->name);
5417
5418 if (hdev_is_powered(hdev))
5419 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5420 MGMT_STATUS_REJECTED);
5421
5422 if (cp->config != 0x00 && cp->config != 0x01)
5423 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5424 MGMT_STATUS_INVALID_PARAMS);
5425
5426 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5427 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5428 MGMT_STATUS_NOT_SUPPORTED);
5429
5430 hci_dev_lock(hdev);
5431
5432 if (cp->config)
5433 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5434 &hdev->dev_flags);
5435 else
5436 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5437 &hdev->dev_flags);
5438
5439 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5440 if (err < 0)
5441 goto unlock;
5442
5443 if (!changed)
5444 goto unlock;
5445
f4537c04
MH		 5446 err = new_options(hdev, sk);
5447
dbece37a
MH		 5448 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5449 mgmt_index_removed(hdev);
d603b76b
MH		 5450
5451 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5452 set_bit(HCI_CONFIG, &hdev->dev_flags);
5453 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5454
5455 queue_work(hdev->req_workqueue, &hdev->power_on);
5456 } else {
5ea234d3 5457 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5458 mgmt_index_added(hdev);
5459 }
dbece37a
MH		 5460 }
5461
5462unlock:
5463 hci_dev_unlock(hdev);
5464 return err;
5465}
5466
9713c17b
MH		 5467static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5468 void *data, u16 len)
5469{
5470 struct mgmt_cp_set_public_address *cp = data;
5471 bool changed;
5472 int err;
5473
5474 BT_DBG("%s", hdev->name);
5475
5476 if (hdev_is_powered(hdev))
5477 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5478 MGMT_STATUS_REJECTED);
5479
5480 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5481 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5482 MGMT_STATUS_INVALID_PARAMS);
5483
5484 if (!hdev->set_bdaddr)
5485 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5486 MGMT_STATUS_NOT_SUPPORTED);
5487
5488 hci_dev_lock(hdev);
5489
5490 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5491 bacpy(&hdev->public_addr, &cp->bdaddr);
5492
5493 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5494 if (err < 0)
5495 goto unlock;
5496
5497 if (!changed)
5498 goto unlock;
5499
5500 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5501 err = new_options(hdev, sk);
5502
5503 if (is_configured(hdev)) {
5504 mgmt_index_removed(hdev);
5505
5506 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5507
5508 set_bit(HCI_CONFIG, &hdev->dev_flags);
5509 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5510
5511 queue_work(hdev->req_workqueue, &hdev->power_on);
5512 }
5513
5514unlock:
5515 hci_dev_unlock(hdev);
5516 return err;
5517}
5518
2e3c35ea 5519static const struct mgmt_handler {
04124681
GP		 5520 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5521 u16 data_len);
be22b54e
JH		 5522 bool var_len;
5523 size_t data_len;
0f4e68cf
JH		 5524} mgmt_handlers[] = {
5525 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5526 { read_version, false, MGMT_READ_VERSION_SIZE },
5527 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5528 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5529 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5530 { set_powered, false, MGMT_SETTING_SIZE },
5531 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5532 { set_connectable, false, MGMT_SETTING_SIZE },
5533 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5534 { set_pairable, false, MGMT_SETTING_SIZE },
5535 { set_link_security, false, MGMT_SETTING_SIZE },
5536 { set_ssp, false, MGMT_SETTING_SIZE },
5537 { set_hs, false, MGMT_SETTING_SIZE },
5538 { set_le, false, MGMT_SETTING_SIZE },
5539 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5540 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5541 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5542 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5543 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5544 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5545 { disconnect, false, MGMT_DISCONNECT_SIZE },
5546 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5547 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5548 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5549 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5550 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5551 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5552 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5553 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5554 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5555 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5556 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5557 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5558 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5559 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5560 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5561 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5562 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5563 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5564 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5565 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5566 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5567 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5568 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5569 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5570 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5571 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5572 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5573 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5574 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5575 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5576 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5577 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5578 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5579 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5580 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5581 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5582 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5583};
5584
0381101f
JH		 5585int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5586{
650f726d
VCG		 5587 void *buf;
5588 u8 *cp;
0381101f 5589 struct mgmt_hdr *hdr;
4e51eae9 5590 u16 opcode, index, len;
bdb6d971 5591 struct hci_dev *hdev = NULL;
2e3c35ea 5592 const struct mgmt_handler *handler;
0381101f
JH		 5593 int err;
5594
5595 BT_DBG("got %zu bytes", msglen);
5596
5597 if (msglen < sizeof(*hdr))
5598 return -EINVAL;
5599
e63a15ec 5600 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5601 if (!buf)
5602 return -ENOMEM;
5603
5604 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5605 err = -EFAULT;
5606 goto done;
5607 }
5608
650f726d 5609 hdr = buf;
1f350c87
MH		 5610 opcode = __le16_to_cpu(hdr->opcode);
5611 index = __le16_to_cpu(hdr->index);
5612 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5613
5614 if (len != msglen - sizeof(*hdr)) {
5615 err = -EINVAL;
5616 goto done;
5617 }
5618
0f4e68cf 5619 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5620 hdev = hci_dev_get(index);
5621 if (!hdev) {
5622 err = cmd_status(sk, index, opcode,
04124681 5623 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5624 goto done;
5625 }
0736cfa8 5626
cebf4cfd 5627 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5628 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5629 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5630 err = cmd_status(sk, index, opcode,
5631 MGMT_STATUS_INVALID_INDEX);
5632 goto done;
5633 }
42a9bc14
MH		 5634
5635 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5636 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5637 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5638 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5639 err = cmd_status(sk, index, opcode,
5640 MGMT_STATUS_INVALID_INDEX);
5641 goto done;
5642 }
bdb6d971
JH		 5643 }
5644
0f4e68cf 5645 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5646 mgmt_handlers[opcode].func == NULL) {
0381101f 5647 BT_DBG("Unknown op %u", opcode);
ca69b795 5648 err = cmd_status(sk, index, opcode,
04124681 5649 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5650 goto done;
5651 }
5652
73d1df2a
MH		 5653 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5654 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5655 err = cmd_status(sk, index, opcode,
5656 MGMT_STATUS_INVALID_INDEX);
5657 goto done;
5658 }
5659
5660 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5661 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5662 err = cmd_status(sk, index, opcode,
04124681 5663 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5664 goto done;
0381101f
JH		 5665 }
5666
be22b54e
JH		 5667 handler = &mgmt_handlers[opcode];
5668
5669 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5670 (!handler->var_len && len != handler->data_len)) {
be22b54e 5671 err = cmd_status(sk, index, opcode,
04124681 5672 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5673 goto done;
5674 }
5675
0f4e68cf
JH		 5676 if (hdev)
5677 mgmt_init_hdev(sk, hdev);
5678
5679 cp = buf + sizeof(*hdr);
5680
be22b54e 5681 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5682 if (err < 0)
5683 goto done;
5684
0381101f
JH		 5685 err = msglen;
5686
5687done:
bdb6d971
JH		 5688 if (hdev)
5689 hci_dev_put(hdev);
5690
0381101f
JH		 5691 kfree(buf);
5692 return err;
5693}
c71e97bf 5694
bf6b56db 5695void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5696{
1514b892 5697 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5698 return;
bb4b2a9a 5699
0602a8ad
MH		 5700 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5701 return;
5702
5703 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5704 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5705 else
5706 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5707}
5708
bf6b56db 5709void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5710{
5f159032 5711 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5712
1514b892 5713 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5714 return;
bb4b2a9a 5715
0602a8ad
MH		 5716 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5717 return;
5718
744cf19e 5719 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5720
edd3896b
MH		 5721 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5722 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5723 else
5724 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5725}
5726
6046dc3e 5727/* This function requires the caller holds hdev->lock */
d7347f3c 5728static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5729{
5730 struct hci_conn_params *p;
5731
5732 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5733 /* Needed for AUTO_OFF case where might not "really"
5734 * have been powered off.
5735 */
5736 list_del_init(&p->action);
5737
5738 switch (p->auto_connect) {
5739 case HCI_AUTO_CONN_ALWAYS:
5740 list_add(&p->action, &hdev->pend_le_conns);
5741 break;
5742 case HCI_AUTO_CONN_REPORT:
5743 list_add(&p->action, &hdev->pend_le_reports);
5744 break;
5745 default:
5746 break;
c83ed19d 5747 }
6046dc3e 5748 }
c83ed19d 5749
c83ed19d 5750 hci_update_background_scan(hdev);
6046dc3e
AG		 5751}
5752
229ab39c
JH		 5753static void powered_complete(struct hci_dev *hdev, u8 status)
5754{
5755 struct cmd_lookup match = { NULL, hdev };
5756
5757 BT_DBG("status 0x%02x", status);
5758
5759 hci_dev_lock(hdev);
5760
d7347f3c 5761 restart_le_actions(hdev);
6046dc3e 5762
229ab39c
JH		 5763 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5764
5765 new_settings(hdev, match.sk);
5766
5767 hci_dev_unlock(hdev);
5768
5769 if (match.sk)
5770 sock_put(match.sk);
5771}
5772
70da6243 5773static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5774{
890ea898 5775 struct hci_request req;
70da6243 5776 u8 link_sec;
5add6af8 5777
890ea898
JH		 5778 hci_req_init(&req, hdev);
5779
70da6243
JH		 5780 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5781 !lmp_host_ssp_capable(hdev)) {
5782 u8 ssp = 1;
5e5282bb 5783
890ea898 5784 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5785 }
5add6af8 5786
c73eee91
JH		 5787 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5788 lmp_bredr_capable(hdev)) {
70da6243 5789 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5790
70da6243
JH		 5791 cp.le = 1;
5792 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5793
70da6243
JH		 5794 /* Check first if we already have the right
5795 * host state (host features set)
5796 */
5797 if (cp.le != lmp_host_le_capable(hdev) ||
5798 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5799 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5800 sizeof(cp), &cp);
70da6243 5801 }
3d1cbdd6 5802
d13eafce 5803 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5804 /* Make sure the controller has a good default for
5805 * advertising data. This also applies to the case
5806 * where BR/EDR was toggled during the AUTO_OFF phase.
5807 */
f14d8f64 5808 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5809 update_adv_data(&req);
f14d8f64
MH		 5810 update_scan_rsp_data(&req);
5811 }
441ad2d0 5812
bba3aa55
MH		 5813 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5814 enable_advertising(&req);
eeca6f89
JH		 5815 }
5816
70da6243
JH		 5817 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5818 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5819 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5820 sizeof(link_sec), &link_sec);
562fcc24 5821
70da6243 5822 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5823 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5824 set_bredr_scan(&req);
890ea898 5825 update_class(&req);
13928971 5826 update_name(&req);
890ea898 5827 update_eir(&req);
70da6243 5828 }
562fcc24 5829
229ab39c 5830 return hci_req_run(&req, powered_complete);
70da6243 5831}
562fcc24 5832
70da6243
JH		 5833int mgmt_powered(struct hci_dev *hdev, u8 powered)
5834{
5835 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5836 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5837 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5838 int err;
f0ff92fb 5839
70da6243
JH		 5840 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5841 return 0;
5842
70da6243 5843 if (powered) {
229ab39c
JH		 5844 if (powered_update_hci(hdev) == 0)
5845 return 0;
fe038884 5846
229ab39c
JH		 5847 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5848 &match);
5849 goto new_settings;
b24752fe
JH		 5850 }
5851
229ab39c
JH		 5852 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5853 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5854
5855 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5856 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5857 zero_cod, sizeof(zero_cod), NULL);
5858
5859new_settings:
beadb2bd 5860 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5861
5862 if (match.sk)
5863 sock_put(match.sk);
5864
7bb895d6 5865 return err;
5add6af8 5866}
73f22f62 5867
3eec705e 5868void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5869{
5870 struct pending_cmd *cmd;
5871 u8 status;
5872
5873 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5874 if (!cmd)
3eec705e 5875 return;
96570ffc
JH		 5876
5877 if (err == -ERFKILL)
5878 status = MGMT_STATUS_RFKILLED;
5879 else
5880 status = MGMT_STATUS_FAILED;
5881
3eec705e 5882 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5883
5884 mgmt_pending_remove(cmd);
96570ffc
JH		 5885}
5886
d1967ff8
MH		 5887void mgmt_discoverable_timeout(struct hci_dev *hdev)
5888{
5889 struct hci_request req;
d1967ff8
MH		 5890
5891 hci_dev_lock(hdev);
5892
5893 /* When discoverable timeout triggers, then just make sure
5894 * the limited discoverable flag is cleared. Even in the case
5895 * of a timeout triggered from general discoverable, it is
5896 * safe to unconditionally clear the flag.
5897 */
5898 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5899 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5900
5901 hci_req_init(&req, hdev);
4b580614
JH		 5902 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5903 u8 scan = SCAN_PAGE;
5904 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5905 sizeof(scan), &scan);
5906 }
d1967ff8 5907 update_class(&req);
9a43e25f 5908 update_adv_data(&req);
d1967ff8
MH		 5909 hci_req_run(&req, NULL);
5910
5911 hdev->discov_timeout = 0;
5912
9a43e25f
JH		 5913 new_settings(hdev, NULL);
5914
d1967ff8
MH		 5915 hci_dev_unlock(hdev);
5916}
5917
86a75645 5918void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5919{
86a75645 5920 bool changed;
73f22f62 5921
bfaf8c9f
JH		 5922 /* Nothing needed here if there's a pending command since that
5923 * commands request completion callback takes care of everything
5924 * necessary.
5925 */
5926 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5927 return;
bfaf8c9f 5928
bd107999
JH		 5929 /* Powering off may clear the scan mode - don't let that interfere */
5930 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5931 return;
5932
9a43e25f 5933 if (discoverable) {
86a75645 5934 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5935 } else {
5936 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5937 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5938 }
5939
5940 if (changed) {
5941 struct hci_request req;
5942
5943 /* In case this change in discoverable was triggered by
5944 * a disabling of connectable there could be a need to
5945 * update the advertising flags.
5946 */
5947 hci_req_init(&req, hdev);
5948 update_adv_data(&req);
5949 hci_req_run(&req, NULL);
73f22f62 5950
86a75645 5951 new_settings(hdev, NULL);
9a43e25f 5952 }
73f22f62 5953}
9fbcbb45 5954
a330916c 5955void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5956{
a330916c 5957 bool changed;
9fbcbb45 5958
d7b856f9
JH		 5959 /* Nothing needed here if there's a pending command since that
5960 * commands request completion callback takes care of everything
5961 * necessary.
5962 */
5963 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5964 return;
d7b856f9 5965
ce3f24cf
JH		 5966 /* Powering off may clear the scan mode - don't let that interfere */
5967 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5968 return;
5969
a330916c
MH		 5970 if (connectable)
5971 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5972 else
5973 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5974
beadb2bd 5975 if (changed)
a330916c 5976 new_settings(hdev, NULL);
9fbcbb45 5977}
55ed8ca1 5978
778b235a
JH		 5979void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5980{
7c4cfab8
JH		 5981 /* Powering off may stop advertising - don't let that interfere */
5982 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5983 return;
5984
778b235a
JH		 5985 if (advertising)
5986 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5987 else
5988 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5989}
5990
4796e8af 5991void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5992{
ca69b795
JH		 5993 u8 mgmt_err = mgmt_status(status);
5994
2d7cee58 5995 if (scan & SCAN_PAGE)
744cf19e 5996 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5997 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5998
5999 if (scan & SCAN_INQUIRY)
744cf19e 6000 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 6001 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 6002}
6003
dc4a5ee2
MH		 6004void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6005 bool persistent)
55ed8ca1 6006{
86742e1e 6007 struct mgmt_ev_new_link_key ev;
55ed8ca1 6008
a492cd52 6009 memset(&ev, 0, sizeof(ev));
55ed8ca1 6010
a492cd52 6011 ev.store_hint = persistent;
d753fdc4 6012 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6013 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6014 ev.key.type = key->type;
9b3b4460 6015 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6016 ev.key.pin_len = key->pin_len;
55ed8ca1 6017
dc4a5ee2 6018 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6019}
f7520543 6020
d7b25450
JH		 6021static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6022{
6023 if (ltk->authenticated)
6024 return MGMT_LTK_AUTHENTICATED;
6025
6026 return MGMT_LTK_UNAUTHENTICATED;
6027}
6028
53ac6ab6 6029void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6030{
6031 struct mgmt_ev_new_long_term_key ev;
6032
6033 memset(&ev, 0, sizeof(ev));
6034
5192d301
MH		 6035 /* Devices using resolvable or non-resolvable random addresses
6036 * without providing an indentity resolving key don't require
6037 * to store long term keys. Their addresses will change the
6038 * next time around.
6039 *
6040 * Only when a remote device provides an identity address
6041 * make sure the long term key is stored. If the remote
6042 * identity is known, the long term keys are internally
6043 * mapped to the identity address. So allow static random
6044 * and public addresses here.
6045 */
ba74b666
JH		 6046 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6047 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6048 ev.store_hint = 0x00;
6049 else
53ac6ab6 6050 ev.store_hint = persistent;
ba74b666 6051
346af67b 6052 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6053 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6054 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6055 ev.key.enc_size = key->enc_size;
6056 ev.key.ediv = key->ediv;
fe39c7b2 6057 ev.key.rand = key->rand;
346af67b 6058
2ceba539 6059 if (key->type == SMP_LTK)
346af67b
VCG		 6060 ev.key.master = 1;
6061
346af67b
VCG		 6062 memcpy(ev.key.val, key->val, sizeof(key->val));
6063
083368f7 6064 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6065}
6066
95fbac8a
JH		 6067void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6068{
6069 struct mgmt_ev_new_irk ev;
6070
6071 memset(&ev, 0, sizeof(ev));
6072
bab6d1e5
MH		 6073 /* For identity resolving keys from devices that are already
6074 * using a public address or static random address, do not
6075 * ask for storing this key. The identity resolving key really
6076 * is only mandatory for devices using resovlable random
6077 * addresses.
6078 *
6079 * Storing all identity resolving keys has the downside that
6080 * they will be also loaded on next boot of they system. More
6081 * identity resolving keys, means more time during scanning is
6082 * needed to actually resolve these addresses.
6083 */
6084 if (bacmp(&irk->rpa, BDADDR_ANY))
6085 ev.store_hint = 0x01;
6086 else
6087 ev.store_hint = 0x00;
6088
95fbac8a
JH		 6089 bacpy(&ev.rpa, &irk->rpa);
6090 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6091 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6092 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6093
6094 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6095}
6096
53ac6ab6
MH		 6097void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6098 bool persistent)
7ee4ea36
MH		 6099{
6100 struct mgmt_ev_new_csrk ev;
6101
6102 memset(&ev, 0, sizeof(ev));
6103
6104 /* Devices using resolvable or non-resolvable random addresses
6105 * without providing an indentity resolving key don't require
6106 * to store signature resolving keys. Their addresses will change
6107 * the next time around.
6108 *
6109 * Only when a remote device provides an identity address
6110 * make sure the signature resolving key is stored. So allow
6111 * static random and public addresses here.
6112 */
6113 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6114 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6115 ev.store_hint = 0x00;
6116 else
53ac6ab6 6117 ev.store_hint = persistent;
7ee4ea36
MH		 6118
6119 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6120 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6121 ev.key.master = csrk->master;
6122 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6123
6124 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6125}
6126
ffb5a827 6127void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6128 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6129 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6130{
6131 struct mgmt_ev_new_conn_param ev;
6132
c103aea6
JH		 6133 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6134 return;
6135
ffb5a827
AG		 6136 memset(&ev, 0, sizeof(ev));
6137 bacpy(&ev.addr.bdaddr, bdaddr);
6138 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6139 ev.store_hint = store_hint;
ffb5a827
AG		 6140 ev.min_interval = cpu_to_le16(min_interval);
6141 ev.max_interval = cpu_to_le16(max_interval);
6142 ev.latency = cpu_to_le16(latency);
6143 ev.timeout = cpu_to_le16(timeout);
6144
6145 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6146}
6147
94933991
MH		 6148static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6149 u8 data_len)
6150{
6151 eir[eir_len++] = sizeof(type) + data_len;
6152 eir[eir_len++] = type;
6153 memcpy(&eir[eir_len], data, data_len);
6154 eir_len += data_len;
6155
6156 return eir_len;
6157}
6158
ecd90ae7
MH		 6159void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6160 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6161 u8 *dev_class)
f7520543 6162{
b644ba33
JH		 6163 char buf[512];
6164 struct mgmt_ev_device_connected *ev = (void *) buf;
6165 u16 eir_len = 0;
f7520543 6166
b644ba33 6167 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6168 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6169
c95f0ba7 6170 ev->flags = __cpu_to_le32(flags);
08c79b61 6171
b644ba33
JH		 6172 if (name_len > 0)
6173 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6174 name, name_len);
b644ba33
JH		 6175
6176 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6177 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6178 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6179
eb55ef07 6180 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6181
ecd90ae7
MH		 6182 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6183 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6184}
6185
8962ee74
JH		 6186static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6187{
c68fb7ff 6188 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6189 struct sock **sk = data;
a38528f1 6190 struct mgmt_rp_disconnect rp;
8962ee74 6191
88c3df13
JH		 6192 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6193 rp.addr.type = cp->addr.type;
8962ee74 6194
aee9b218 6195 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6196 sizeof(rp));
8962ee74
JH		 6197
6198 *sk = cmd->sk;
6199 sock_hold(*sk);
6200
a664b5bc 6201 mgmt_pending_remove(cmd);
8962ee74
JH		 6202}
6203
124f6e35 6204static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6205{
b1078ad0 6206 struct hci_dev *hdev = data;
124f6e35
JH		 6207 struct mgmt_cp_unpair_device *cp = cmd->param;
6208 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6209
6210 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6211 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6212 rp.addr.type = cp->addr.type;
a8a1d19e 6213
b1078ad0
JH		 6214 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6215
aee9b218 6216 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6217
6218 mgmt_pending_remove(cmd);
6219}
6220
9b80ec5e 6221void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6222 u8 link_type, u8 addr_type, u8 reason,
6223 bool mgmt_connected)
f7520543 6224{
f0d6a0ea 6225 struct mgmt_ev_device_disconnected ev;
8b064a3a 6226 struct pending_cmd *power_off;
8962ee74 6227 struct sock *sk = NULL;
8962ee74 6228
8b064a3a
JH		 6229 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6230 if (power_off) {
6231 struct mgmt_mode *cp = power_off->param;
6232
6233 /* The connection is still in hci_conn_hash so test for 1
6234 * instead of 0 to know if this is the last one.
6235 */
a3172b7e
JH		 6236 if (!cp->val && hci_conn_count(hdev) == 1) {
6237 cancel_delayed_work(&hdev->power_off);
8b064a3a 6238 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6239 }
8b064a3a
JH		 6240 }
6241
12d4a3b2
JH		 6242 if (!mgmt_connected)
6243 return;
6244
57eb776f
AG		 6245 if (link_type != ACL_LINK && link_type != LE_LINK)
6246 return;
6247
744cf19e 6248 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6249
f0d6a0ea
MA		 6250 bacpy(&ev.addr.bdaddr, bdaddr);
6251 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6252 ev.reason = reason;
f7520543 6253
9b80ec5e 6254 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6255
6256 if (sk)
d97dcb66 6257 sock_put(sk);
8962ee74 6258
124f6e35 6259 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6260 hdev);
8962ee74
JH		 6261}
6262
7892924c
MH		 6263void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6264 u8 link_type, u8 addr_type, u8 status)
8962ee74 6265{
3655bba8
AG		 6266 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6267 struct mgmt_cp_disconnect *cp;
88c3df13 6268 struct mgmt_rp_disconnect rp;
8962ee74 6269 struct pending_cmd *cmd;
8962ee74 6270
36a75f1b
JD		 6271 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6272 hdev);
6273
2e58ef3e 6274 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6275 if (!cmd)
7892924c 6276 return;
8962ee74 6277
3655bba8
AG		 6278 cp = cmd->param;
6279
6280 if (bacmp(bdaddr, &cp->addr.bdaddr))
6281 return;
6282
6283 if (cp->addr.type != bdaddr_type)
6284 return;
6285
88c3df13 6286 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6287 rp.addr.type = bdaddr_type;
37d9ef76 6288
7892924c
MH		 6289 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6290 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6291
a664b5bc 6292 mgmt_pending_remove(cmd);
f7520543 6293}
17d5c04c 6294
445608d0
MH		 6295void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6296 u8 addr_type, u8 status)
17d5c04c
JH		 6297{
6298 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6299 struct pending_cmd *power_off;
6300
6301 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6302 if (power_off) {
6303 struct mgmt_mode *cp = power_off->param;
6304
6305 /* The connection is still in hci_conn_hash so test for 1
6306 * instead of 0 to know if this is the last one.
6307 */
a3172b7e
JH		 6308 if (!cp->val && hci_conn_count(hdev) == 1) {
6309 cancel_delayed_work(&hdev->power_off);
c9910d0f 6310 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6311 }
c9910d0f 6312 }
17d5c04c 6313
4c659c39 6314 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6315 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6316 ev.status = mgmt_status(status);
17d5c04c 6317
445608d0 6318 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6319}
980e1a53 6320
ce0e4a0d 6321void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6322{
6323 struct mgmt_ev_pin_code_request ev;
6324
d8457698 6325 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6326 ev.addr.type = BDADDR_BREDR;
a770bb5a 6327 ev.secure = secure;
980e1a53 6328
ce0e4a0d 6329 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6330}
6331
e669cf80
MH		 6332void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6333 u8 status)
980e1a53
JH		 6334{
6335 struct pending_cmd *cmd;
ac56fb13 6336 struct mgmt_rp_pin_code_reply rp;
980e1a53 6337
2e58ef3e 6338 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6339 if (!cmd)
e669cf80 6340 return;
980e1a53 6341
d8457698 6342 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6343 rp.addr.type = BDADDR_BREDR;
ac56fb13 6344
e669cf80
MH		 6345 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6346 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6347
a664b5bc 6348 mgmt_pending_remove(cmd);
980e1a53
JH		 6349}
6350
3eb38528
MH		 6351void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6352 u8 status)
980e1a53
JH		 6353{
6354 struct pending_cmd *cmd;
ac56fb13 6355 struct mgmt_rp_pin_code_reply rp;
980e1a53 6356
2e58ef3e 6357 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6358 if (!cmd)
3eb38528 6359 return;
980e1a53 6360
d8457698 6361 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6362 rp.addr.type = BDADDR_BREDR;
ac56fb13 6363
3eb38528
MH		 6364 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6365 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6366
a664b5bc 6367 mgmt_pending_remove(cmd);
980e1a53 6368}
a5c29683 6369
744cf19e 6370int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6371 u8 link_type, u8 addr_type, u32 value,
04124681 6372 u8 confirm_hint)
a5c29683
JH		 6373{
6374 struct mgmt_ev_user_confirm_request ev;
6375
744cf19e 6376 BT_DBG("%s", hdev->name);
a5c29683 6377
272d90df 6378 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6379 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6380 ev.confirm_hint = confirm_hint;
39adbffe 6381 ev.value = cpu_to_le32(value);
a5c29683 6382
744cf19e 6383 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6384 NULL);
a5c29683
JH		 6385}
6386
272d90df 6387int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6388 u8 link_type, u8 addr_type)
604086b7
BG		 6389{
6390 struct mgmt_ev_user_passkey_request ev;
6391
6392 BT_DBG("%s", hdev->name);
6393
272d90df 6394 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6395 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6396
6397 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6398 NULL);
604086b7
BG		 6399}
6400
0df4c185 6401static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6402 u8 link_type, u8 addr_type, u8 status,
6403 u8 opcode)
a5c29683
JH		 6404{
6405 struct pending_cmd *cmd;
6406 struct mgmt_rp_user_confirm_reply rp;
6407 int err;
6408
2e58ef3e 6409 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6410 if (!cmd)
6411 return -ENOENT;
6412
272d90df 6413 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6414 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6415 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6416 &rp, sizeof(rp));
a5c29683 6417
a664b5bc 6418 mgmt_pending_remove(cmd);
a5c29683
JH		 6419
6420 return err;
6421}
6422
744cf19e 6423int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6424 u8 link_type, u8 addr_type, u8 status)
a5c29683 6425{
272d90df 6426 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6427 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6428}
6429
272d90df 6430int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6431 u8 link_type, u8 addr_type, u8 status)
a5c29683 6432{
272d90df 6433 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6434 status,
6435 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6436}
2a611692 6437
604086b7 6438int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6439 u8 link_type, u8 addr_type, u8 status)
604086b7 6440{
272d90df 6441 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6442 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6443}
6444
272d90df 6445int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6446 u8 link_type, u8 addr_type, u8 status)
604086b7 6447{
272d90df 6448 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6449 status,
6450 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6451}
6452
92a25256
JH		 6453int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6454 u8 link_type, u8 addr_type, u32 passkey,
6455 u8 entered)
6456{
6457 struct mgmt_ev_passkey_notify ev;
6458
6459 BT_DBG("%s", hdev->name);
6460
6461 bacpy(&ev.addr.bdaddr, bdaddr);
6462 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6463 ev.passkey = __cpu_to_le32(passkey);
6464 ev.entered = entered;
6465
6466 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6467}
6468
e546099c
MH		 6469void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6470 u8 addr_type, u8 status)
2a611692
JH		 6471{
6472 struct mgmt_ev_auth_failed ev;
6473
bab73cb6 6474 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6475 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6476 ev.status = mgmt_status(status);
2a611692 6477
e546099c 6478 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6479}
b312b161 6480
464996ae 6481void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6482{
6483 struct cmd_lookup match = { NULL, hdev };
464996ae 6484 bool changed;
33ef95ed
JH		 6485
6486 if (status) {
6487 u8 mgmt_err = mgmt_status(status);
6488 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6489 cmd_status_rsp, &mgmt_err);
464996ae 6490 return;
33ef95ed
JH		 6491 }
6492
464996ae
MH		 6493 if (test_bit(HCI_AUTH, &hdev->flags))
6494 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6495 &hdev->dev_flags);
6496 else
6497 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6498 &hdev->dev_flags);
47990ea0 6499
33ef95ed 6500 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6501 &match);
33ef95ed 6502
47990ea0 6503 if (changed)
464996ae 6504 new_settings(hdev, match.sk);
33ef95ed
JH		 6505
6506 if (match.sk)
6507 sock_put(match.sk);
33ef95ed
JH		 6508}
6509
890ea898 6510static void clear_eir(struct hci_request *req)
cacaf52f 6511{
890ea898 6512 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6513 struct hci_cp_write_eir cp;
6514
976eb20e 6515 if (!lmp_ext_inq_capable(hdev))
890ea898 6516 return;
cacaf52f 6517
c80da27e
JH		 6518 memset(hdev->eir, 0, sizeof(hdev->eir));
6519
cacaf52f
JH		 6520 memset(&cp, 0, sizeof(cp));
6521
890ea898 6522 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6523}
6524
3e248560 6525void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6526{
6527 struct cmd_lookup match = { NULL, hdev };
890ea898 6528 struct hci_request req;
c0ecddc2 6529 bool changed = false;
ed2c4ee3
JH		 6530
6531 if (status) {
6532 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6533
6534 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6535 &hdev->dev_flags)) {
6536 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6537 new_settings(hdev, NULL);
9ecb3e24 6538 }
c0ecddc2 6539
04124681
GP		 6540 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6541 &mgmt_err);
3e248560 6542 return;
c0ecddc2
JH		 6543 }
6544
6545 if (enable) {
9ecb3e24 6546 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6547 } else {
9ecb3e24
MH		 6548 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6549 if (!changed)
6550 changed = test_and_clear_bit(HCI_HS_ENABLED,
6551 &hdev->dev_flags);
6552 else
6553 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6554 }
6555
6556 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6557
c0ecddc2 6558 if (changed)
3e248560 6559 new_settings(hdev, match.sk);
ed2c4ee3 6560
5fc6ebb1 6561 if (match.sk)
ed2c4ee3
JH		 6562 sock_put(match.sk);
6563
890ea898
JH		 6564 hci_req_init(&req, hdev);
6565
3769972b
JH		 6566 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6567 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6568 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6569 sizeof(enable), &enable);
890ea898 6570 update_eir(&req);
3769972b 6571 } else {
890ea898 6572 clear_eir(&req);
3769972b 6573 }
890ea898
JH		 6574
6575 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6576}
6577
eac83dc6
MH		 6578void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6579{
6580 struct cmd_lookup match = { NULL, hdev };
6581 bool changed = false;
6582
6583 if (status) {
6584 u8 mgmt_err = mgmt_status(status);
6585
0ab04a9c
MH		 6586 if (enable) {
6587 if (test_and_clear_bit(HCI_SC_ENABLED,
6588 &hdev->dev_flags))
6589 new_settings(hdev, NULL);
6590 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6591 }
eac83dc6
MH		 6592
6593 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6594 cmd_status_rsp, &mgmt_err);
6595 return;
6596 }
6597
0ab04a9c 6598 if (enable) {
eac83dc6 6599 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6600 } else {
eac83dc6 6601 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6602 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6603 }
eac83dc6
MH		 6604
6605 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6606 settings_rsp, &match);
6607
6608 if (changed)
6609 new_settings(hdev, match.sk);
6610
6611 if (match.sk)
6612 sock_put(match.sk);
6613}
6614
92da6097 6615static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6616{
6617 struct cmd_lookup *match = data;
6618
90e70454
JH		 6619 if (match->sk == NULL) {
6620 match->sk = cmd->sk;
6621 sock_hold(match->sk);
6622 }
90e70454
JH		 6623}
6624
4e1b0245
MH		 6625void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6626 u8 status)
7f9a903c 6627{
90e70454 6628 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6629
92da6097
JH		 6630 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6631 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6632 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6633
6634 if (!status)
4e1b0245
MH		 6635 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6636 NULL);
90e70454
JH		 6637
6638 if (match.sk)
6639 sock_put(match.sk);
7f9a903c
MH		 6640}
6641
7667da34 6642void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6643{
b312b161 6644 struct mgmt_cp_set_local_name ev;
13928971 6645 struct pending_cmd *cmd;
28cc7bde 6646
13928971 6647 if (status)
7667da34 6648 return;
b312b161
JH		 6649
6650 memset(&ev, 0, sizeof(ev));
6651 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6652 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6653
2e58ef3e 6654 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6655 if (!cmd) {
6656 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6657
13928971
JH		 6658 /* If this is a HCI command related to powering on the
6659 * HCI dev don't send any mgmt signals.
6660 */
6661 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6662 return;
890ea898 6663 }
b312b161 6664
7667da34
MH		 6665 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6666 cmd ? cmd->sk : NULL);
b312b161 6667}
c35938b2 6668
4d2d2796
MH		 6669void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6670 u8 *randomizer192, u8 *hash256,
6671 u8 *randomizer256, u8 status)
c35938b2
SJ		 6672{
6673 struct pending_cmd *cmd;
c35938b2 6674
744cf19e 6675 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6676
2e58ef3e 6677 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6678 if (!cmd)
3edaf092 6679 return;
c35938b2
SJ		 6680
6681 if (status) {
3edaf092
MH		 6682 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6683 mgmt_status(status));
c35938b2 6684 } else {
4d2d2796
MH		 6685 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6686 hash256 && randomizer256) {
6687 struct mgmt_rp_read_local_oob_ext_data rp;
6688
6689 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6690 memcpy(rp.randomizer192, randomizer192,
6691 sizeof(rp.randomizer192));
c35938b2 6692
4d2d2796
MH		 6693 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6694 memcpy(rp.randomizer256, randomizer256,
6695 sizeof(rp.randomizer256));
c35938b2 6696
4d2d2796
MH		 6697 cmd_complete(cmd->sk, hdev->id,
6698 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6699 &rp, sizeof(rp));
6700 } else {
6701 struct mgmt_rp_read_local_oob_data rp;
6702
6703 memcpy(rp.hash, hash192, sizeof(rp.hash));
6704 memcpy(rp.randomizer, randomizer192,
6705 sizeof(rp.randomizer));
6706
6707 cmd_complete(cmd->sk, hdev->id,
6708 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6709 &rp, sizeof(rp));
6710 }
c35938b2
SJ		 6711 }
6712
6713 mgmt_pending_remove(cmd);
c35938b2 6714}
e17acd40 6715
901801b9 6716void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6717 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6718 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6719{
e319d2e7
JH		 6720 char buf[512];
6721 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6722 size_t ev_size;
e17acd40 6723
75ce208c
JH		 6724 /* Don't send events for a non-kernel initiated discovery. With
6725 * LE one exception is if we have pend_le_reports > 0 in which
6726 * case we're doing passive scanning and want these events.
6727 */
6728 if (!hci_discovery_active(hdev)) {
6729 if (link_type == ACL_LINK)
6730 return;
66f8455a 6731 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6732 return;
6733 }
12602d0c 6734
5d2e9fad
JH		 6735 /* Make sure that the buffer is big enough. The 5 extra bytes
6736 * are for the potential CoD field.
6737 */
6738 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6739 return;
7d262f86 6740
1dc06093
JH		 6741 memset(buf, 0, sizeof(buf));
6742
841c5644
JH		 6743 bacpy(&ev->addr.bdaddr, bdaddr);
6744 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6745 ev->rssi = rssi;
af58925c 6746 ev->flags = cpu_to_le32(flags);
e17acd40 6747
1dc06093 6748 if (eir_len > 0)
e319d2e7 6749 memcpy(ev->eir, eir, eir_len);
e17acd40 6750
1dc06093
JH		 6751 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6752 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6753 dev_class, 3);
1dc06093 6754
5d2e9fad
JH		 6755 if (scan_rsp_len > 0)
6756 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6757
6758 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6759 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6760
901801b9 6761 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6762}
a88a9652 6763
9cf12aee
MH		 6764void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6765 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6766{
b644ba33
JH		 6767 struct mgmt_ev_device_found *ev;
6768 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6769 u16 eir_len;
a88a9652 6770
b644ba33 6771 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6772
b644ba33
JH		 6773 memset(buf, 0, sizeof(buf));
6774
6775 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6776 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6777 ev->rssi = rssi;
6778
6779 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6780 name_len);
b644ba33 6781
eb55ef07 6782 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6783
9cf12aee 6784 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6785}
314b2381 6786
2f1e063b 6787void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6788{
f963e8e9 6789 struct mgmt_ev_discovering ev;
164a6e78
JH		 6790 struct pending_cmd *cmd;
6791
343fb145
AG		 6792 BT_DBG("%s discovering %u", hdev->name, discovering);
6793
164a6e78 6794 if (discovering)
2e58ef3e 6795 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6796 else
2e58ef3e 6797 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6798
6799 if (cmd != NULL) {
f808e166
JH		 6800 u8 type = hdev->discovery.type;
6801
04124681
GP		 6802 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6803 sizeof(type));
164a6e78
JH		 6804 mgmt_pending_remove(cmd);
6805 }
6806
f963e8e9
JH		 6807 memset(&ev, 0, sizeof(ev));
6808 ev.type = hdev->discovery.type;
6809 ev.discovering = discovering;
6810
2f1e063b 6811 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6812}
5e762444 6813
5976e608
MH		 6814static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6815{
6816 BT_DBG("%s status %u", hdev->name, status);
6817
6818 /* Clear the advertising mgmt setting if we failed to re-enable it */
6819 if (status) {
6820 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6821 new_settings(hdev, NULL);
5976e608
MH		 6822 }
6823}
6824
6825void mgmt_reenable_advertising(struct hci_dev *hdev)
6826{
6827 struct hci_request req;
6828
b145edcd 6829 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6830 return;
6831
6832 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6833 return;
6834
6835 hci_req_init(&req, hdev);
6836 enable_advertising(&req);
6837
6838 /* If this fails we have no option but to let user space know
6839 * that we've disabled advertising.
6840 */
6841 if (hci_req_run(&req, adv_enable_complete) < 0) {
6842 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6843 new_settings(hdev, NULL);
5976e608
MH		 6844 }
6845}
Linux kernel - Deliverables
This page took 0.777325 seconds and 5 git commands to generate.